gsap

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The utility script scripts/extract-audio-data.py uses subprocess.run to execute the ffmpeg binary. The implementation uses a list of arguments, which is a secure practice that prevents shell injection vulnerabilities. This is standard and necessary functionality for decoding audio data.
  • [EXTERNAL_DOWNLOADS]: The documentation includes references to load the GSAP library and TextPlugin from cdn.jsdelivr.net. This is a well-known and established content delivery network used for hosting public assets.
  • [DATA_EXPOSURE]: The skill mentions using synchronous XMLHttpRequest to load local JSON data (audio-data.json). This is a legitimate requirement for deterministic timeline construction in the HyperFrames environment and does not involve unauthorized data access.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 06:40 AM
Security Audit — agent-trust-hub — gsap