promo-video
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The file scripts/generate_voiceover.py uses subprocess.run to interface with ffmpeg and ffprobe. Analysis shows that all command arguments are passed as lists and filenames are programmatically generated (e.g., section_00.mp3), which prevents command injection vulnerabilities.
- [EXTERNAL_DOWNLOADS] (SAFE): The script downloads audio data from api.elevenlabs.io. While flagged by automated scanners, this is a legitimate requirement for a voiceover skill. Per the [TRUST-SCOPE-RULE], ElevenLabs is considered a reputable service for this context.
- [REMOTE_CODE_EXECUTION] (SAFE): The script includes an optional dependency on openai-whisper, which downloads AI models during runtime. Since these are sourced from OpenAI, they are considered trusted for the intended transcription verification purpose.
- [DATA_EXFILTRATION] (SAFE): The script accesses ELEVEN_LABS_API_KEY from environment variables. This key is only sent to the official ElevenLabs API endpoint to authenticate requests, which is the expected behavior.
Recommendations
- HIGH: Downloads and executes remote code from: unknown (check file) - DO NOT USE without thorough review