music-downloader
Pass
Audited by Gen Agent Trust Hub on Jul 5, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: External tools such as
yt-dlpare invoked using list-based arguments in Python and array-based arguments in PowerShell. This approach prevents shell injection even when processing potentially malicious track titles or artist names from external metadata providers. - [EXTERNAL_DOWNLOADS]: The skill fetches metadata and music from well-known services (YouTube Music and MusicBrainz). These connections are essential for the skill's functionality and do not involve untrusted remote code execution or suspicious payload downloads.
- [DATA_EXFILTRATION]: File system operations are localized to the workspace and a user-specified library root. The library repair tool includes directory traversal protections to ensure file movements remain within the intended boundaries, and no sensitive system files are accessed.
- [SAFE]: No malicious patterns or security vulnerabilities were identified. The skill follows development best practices for tool invocation, environment setup, and input sanitization.
Audit Metadata