Skills
skills/pawbytes/creative-agency-suites/paw-cra-video-longform/Gen Agent Trust Hub

paw-cra-video-longform

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes external media tools to perform video validation and assembly.
  • Evidence: scripts/validate-video.py uses subprocess.run to call ffprobe and ffmpeg for metadata extraction and loudness measurement.
  • Evidence: references/assembly-guide.md provides ffmpeg command templates for concatenating scenes and mixing audio.
  • Context: All programmatic command executions in the provided scripts use list-based arguments rather than shell strings, which effectively mitigates shell injection risks.
  • [EXTERNAL_DOWNLOADS]: The production pipeline involves interacting with external AI and stock footage providers.
  • Evidence: references/scene-generation.md and references/voiceover-generation.md document usage of fal.ai, elevenlabs.io, and api.pexels.com APIs.
  • Context: These are well-known technology services necessary for the skill's primary purpose of video and audio synthesis. The skill uses standard authentication headers and documentation for these services.
  • [SAFE]: The skill handles sensitive information like API keys using appropriate configuration patterns.
  • Evidence: SKILL.md instructs the agent to load keys from {project-root}/.pawbytes/config/config.yaml rather than hardcoding them.
  • Context: This follows standard secret management practices for developer tools.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 1, 2026, 02:02 PM