veo-video
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill references the @google/genai npm package. Under the [TRUST-SCOPE-RULE], the google organization is considered a trusted source, and this package is the standard SDK for the specified API.
- [CREDENTIALS_UNSAFE] (SAFE): The skill correctly instructs the use of environment variables for API keys (GEMINI_API_KEY). No hardcoded credentials or secrets were found in the files.
- [DATA_EXFILTRATION] (SAFE): All network communication is directed to official Google endpoints (generativelanguage.googleapis.com). No evidence of unauthorized data transmission to non-whitelisted domains was found.
- [COMMAND_EXECUTION] (SAFE): The skill describes file download operations to a local path (output.mp4). This is restricted to the intended output of the video generation process and does not allow for arbitrary command execution.
Audit Metadata