Utilities
Fail
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: CRITICALCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: Several scripts utilize subprocess calls to perform legitimate tasks:
recalc.pyandpack.pyinvokesoffice(LibreOffice) to recalculate and validate Office documents;BinaryTests.tsandStaticAnalysis.tsin the Evals skill run local test runners and linters; Raycast scripts in the Fabric skill execute thefabricCLI. - [EXTERNAL_DOWNLOADS]: The PAIUpgrade skill (
Anthropic.ts) and Parser skill (BatchEntityExtractionGemini3.md) perform network requests to fetch release notes, documentation, and web content from trusted domains likeanthropic.com,github.com, andgoogle.com. The AudioEditor skill (Polish.ts) interacts with the Cleanvoice API. - [DATA_EXFILTRATION]: The AudioEditor skill sends audio data to
api.cleanvoice.aifor automated processing. This is a core feature of the skill's audio cleaning workflow and is clearly documented as requiring a user-provided API key. - [SAFE]: Automated scanner alerts for
Parser/Workflows/ExtractYoutube.mdandchannelwebsite.comwere determined to be false positives, as they involve standard documentation examples and benign placeholder domains.
Recommendations
- CRITICAL: 1 infected file(s) detected - DO NOT USE
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata