film-breakdown
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: The skill operates as a utility for film and video analysis, following expected implementation patterns for media processing tools. Its structure and stated purpose are consistent with its code behavior.
- [COMMAND_EXECUTION]: Several scripts (extract_scenes.mjs, extract_subtitles.mjs, transcribe.mjs) execute external CLI tools such as ffmpeg, ffprobe, and whisper to process media files. These are implemented using Node.js's execFile, which executes commands directly without a shell, mitigating shell injection risks.
- [EXTERNAL_DOWNLOADS]: The skill uses yt-dlp to download video content from user-provided URLs for analysis. This is a core, documented feature and does not involve the execution of remote scripts.
- [SAFE]: No obfuscation, hardcoded credentials, data exfiltration, or persistence mechanisms were found. The HTML report generation in generate_report.mjs includes basic HTML escaping for content safety.
Audit Metadata