music-downloader

Pass

Audited by Gen Agent Trust Hub on Jul 5, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: External tools such as yt-dlp are invoked using list-based arguments in Python and array-based arguments in PowerShell. This approach prevents shell injection even when processing potentially malicious track titles or artist names from external metadata providers.
  • [EXTERNAL_DOWNLOADS]: The skill fetches metadata and music from well-known services (YouTube Music and MusicBrainz). These connections are essential for the skill's functionality and do not involve untrusted remote code execution or suspicious payload downloads.
  • [DATA_EXFILTRATION]: File system operations are localized to the workspace and a user-specified library root. The library repair tool includes directory traversal protections to ensure file movements remain within the intended boundaries, and no sensitive system files are accessed.
  • [SAFE]: No malicious patterns or security vulnerabilities were identified. The skill follows development best practices for tool invocation, environment setup, and input sanitization.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 5, 2026, 06:20 PM
Security Audit — agent-trust-hub — music-downloader