video-podcast-maker

Pass

Audited by Gen Agent Trust Hub on Jun 28, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill extensively uses Python's subprocess module and Node.js npx to perform media processing tasks.
  • scripts/generate_tts.py and its backends use ffmpeg for audio concatenation and normalization, and ffprobe for duration validation.
  • scripts/generate_shorts.py invokes ffmpeg to slice audio segments and npx remotion render to generate vertical videos.
  • scripts/verify_output.py uses ffprobe to validate the technical specifications of the generated MP4 files.
  • scripts/learn_design.py uses ffmpeg for frame extraction from reference videos.
  • scripts/cli.py serves as a dispatcher that spawns the underlying Python scripts as child processes.
  • [EXTERNAL_DOWNLOADS]: The skill communicates with various established cloud services and manages its own updates via Git.
  • The TTS backends in scripts/tts/backends/ make authenticated API requests to Microsoft Azure, OpenAI, Google Cloud, Alibaba (CosyVoice), Volcengine (Doubao), and ElevenLabs.
  • scripts/check_update.sh uses git ls-remote to check for new versions on GitHub and can perform a git pull to update the skill directory, which is gated by explicit user consent in the instructions.
  • templates/components/LottieAnimation.tsx and MediaSection.tsx support fetching animation data and images from remote URLs (e.g., LottieFiles, Unsplash, Pexels) for use in video compositions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 28, 2026, 11:25 PM
Security Audit — agent-trust-hub — video-podcast-maker