veo3-video-gen
Warn
Audited by Gen Agent Trust Hub on Feb 13, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFENO_CODE
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill uses ffmpeg to stitch video segments. Since the implementation script is missing, it is impossible to confirm if user-provided prompt strings or styles are properly sanitized before being passed to the shell, creating a risk of command injection.
- [EXTERNAL_DOWNLOADS] (LOW): The skill connects to Google's Gemini API for video generation. This is a trusted external source under [TRUST-SCOPE-RULE], making the network operation low risk.
- [CREDENTIALS_UNSAFE] (LOW): The skill allows passing a Gemini API key as a CLI flag, which can expose the secret to other users on the system via process monitoring tools.
- [NO_CODE] (INFO): The referenced logic file 'scripts/generate_video.py' was not included in the analysis, preventing a full audit of the skill's behavior.
Audit Metadata