topview-skill
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses a secure authentication mechanism through the OAuth 2.0 Device Authorization Grant. User credentials are saved locally at
~/.topview/credentials.jsonwith appropriate file permissions (0600), ensuring they are only readable by the owner. - [SAFE]: All network operations are directed towards official Topview AI domains (
api.topview.ai,www.topview.ai) and a trusted preview service hosted on Vercel. These operations are consistent with the skill's primary purpose of media generation. - [SAFE]: The skill implements robust task management, including automated polling, cost estimation, and clear error handling protocols, reducing the risk of unexpected resource consumption.
- [SAFE]: No indicators of prompt injection, obfuscation, credential exfiltration, or unauthorized persistence mechanisms were found across the scripts or documentation.
- [SAFE]: File uploads are handled through pre-signed S3 URLs generated by the official API, and downloads are restricted to user-requested media results.
Audit Metadata