mix-master
Fail
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: HIGHCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/mix.shcontains command injection vulnerabilities where user-supplied arguments are interpolated into Python execution strings without sanitization. Specifically, the--vo-volumeand--total-durationflags are used inpython3 -ccalls:VOL="$(python3 -c "print(round($VO_VOLUME * 1.2, 4))")"and `FADE_START="$(python3 -c "print(round($TOTAL - 1.5, 3))")"`. An attacker could exploit this by providing a maliciously crafted string as one of these arguments to execute arbitrary shell commands on the host system.
Recommendations
- AI detected serious security threats
Audit Metadata