Skills
skills/postplusai/postplus-skills/video-request-architect/Gen Agent Trust Hub

video-request-architect

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill reads session tokens from vendor-specific local configuration files (e.g., ~/.config/postplus/config.json) to authenticate with the PostPlus hosted API.
  • [COMMAND_EXECUTION]: Spawns a subprocess to execute python3 -m yt_dlp for downloading and processing video files from URLs specified in project manifests.
  • [EXTERNAL_DOWNLOADS]: Facilitates the downloading of media assets from external sources as required by the video production workflow.
  • [DATA_EXFILTRATION]: Conducts network requests to vendor-managed API endpoints for task synchronization and asset management using legitimate session tokens.
  • [PROMPT_INJECTION]: Processes user-provided video scripts and beat sheets to build structured prompts. The skill uses a 'Request Architecture' to ensure data is clearly separated from instructions, reducing the risk of indirect injection.
Audit Metadata
Risk Level
SAFE
Analyzed
May 8, 2026, 06:37 AM