media-use
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The script
converter.pyexecutesffmpegandffprobeusing thesubprocessmodule. The tool constructs commands as lists of arguments, which is a secure practice that prevents shell injection vulnerabilities when handling user-provided file paths or options. - [EXTERNAL_DOWNLOADS]: The
uv.lockfile specifies dependencies to be fetched from a Tencent Cloud PyPI mirror. This is a well-known and legitimate service used for package distribution.
Audit Metadata