mix-master

Fail

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: HIGHCOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/mix.sh contains command injection vulnerabilities where user-supplied arguments are interpolated into Python execution strings without sanitization. Specifically, the --vo-volume and --total-duration flags are used in python3 -c calls: VOL="$(python3 -c "print(round($VO_VOLUME * 1.2, 4))")" and `FADE_START="$(python3 -c "print(round($TOTAL
  • 1.5, 3))")"`. An attacker could exploit this by providing a maliciously crafted string as one of these arguments to execute arbitrary shell commands on the host system.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jul 2, 2026, 06:17 AM
Security Audit — agent-trust-hub — mix-master