ableton-lom

Pass

Audited by Gen Agent Trust Hub on Jun 5, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The scripts/audit_lom_coverage.py utility performs network requests to docs.cycling74.com to fetch official LOM documentation for coverage comparison. This is a well-known documentation service for Ableton Live developers and is considered a safe source.- [COMMAND_EXECUTION]: Instructions in AGENTS.md guide the agent to use the opensrc utility via npx to fetch and examine the source code of external dependencies. This is a standard development practice aimed at providing the agent with a better understanding of third-party libraries.- [SAFE]: Indirect Prompt Injection analysis for scripts/audit_lom_coverage.py:
  • Ingestion points: Fetches HTML content from docs.cycling74.com.
  • Boundary markers: Not present in the script's string comparison logic.
  • Capability inventory: Network read via urllib.request, local file read via pathlib, and console output.
  • Sanitization: The script extracts header text from HTML but does not execute or interpret the content as instructions.
  • Context: The script is a maintainer tool and does not process untrusted data during typical skill execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 5, 2026, 09:35 AM
Security Audit — agent-trust-hub — ableton-lom