jianying-editor

Fail

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: HIGH
Risk Categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The README.md file contains a 'One-Click Installation' command for Windows: 'irm is.gd/rpb65M | iex'.
  • This pattern fetches content from a shortened URL (whose real destination is not visible to the user) and pipes it straight into the shell, so the script runs without any opportunity for inspection or integrity verification.
  • [COMMAND_EXECUTION]: The skill makes extensive use of subprocess calls to interact with the system and external tools.
  • tools/recording/recorder.py spawns ffmpeg for screen recording and calls sys.executable to run editing scripts.
  • scripts/utils/media_normalizer.py and scripts/api_validator.py execute ffmpeg and ffprobe respectively.
  • examples/video_transcribe_and_match.py executes another Python script (chat.py) from a separate skill folder.
  • [EXTERNAL_DOWNLOADS]: The skill implements automated downloading of media assets.
  • scripts/cloud_manager.py downloads video and audio files from URLs found in local database CSVs or extracted from Jianying logs.
  • scripts/universal_tts.py fetches generated audio from ByteDance's SAMI service (sami.bytedance.com) using WebSockets.
  • While the CloudManager implements some hostname validation (blocking localhost and private IPs), it still allows downloading and executing binary media assets from remote servers.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 4, 2026, 05:27 AM