gsap
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/extract-audio-data.pyusessubprocess.runto execute theffmpegcommand-line tool. The arguments are passed as a list rather than a shell string, which is the recommended secure practice to prevent shell injection vulnerabilities. - [EXTERNAL_DOWNLOADS]: The documentation in
references/effects.mdcontains example<script>tags referencing the GSAP library and its TextPlugin fromcdn.jsdelivr.net. This is a well-known and trusted CDN commonly used for serving front-end libraries. - [DATA_EXPOSURE]: The skill uses
XMLHttpRequestto load local JSON data files. This is a documented requirement for synchronous data loading in the HyperFrames environment and does not involve exfiltration of sensitive information.
Audit Metadata