ableton-lom
Pass
Audited by Gen Agent Trust Hub on Jun 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The
scripts/audit_lom_coverage.pyutility performs network requests todocs.cycling74.comto fetch official LOM documentation for coverage comparison. This is a well-known documentation service for Ableton Live developers and is considered a safe source.- [COMMAND_EXECUTION]: Instructions inAGENTS.mdguide the agent to use theopensrcutility vianpxto fetch and examine the source code of external dependencies. This is a standard development practice aimed at providing the agent with a better understanding of third-party libraries.- [SAFE]: Indirect Prompt Injection analysis forscripts/audit_lom_coverage.py: - Ingestion points: Fetches HTML content from
docs.cycling74.com. - Boundary markers: Not present in the script's string comparison logic.
- Capability inventory: Network read via
urllib.request, local file read viapathlib, and console output. - Sanitization: The script extracts header text from HTML but does not execute or interpret the content as instructions.
- Context: The script is a maintainer tool and does not process untrusted data during typical skill execution.
Audit Metadata