audio-theater
Pass
Audited by Gen Agent Trust Hub on Jul 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or persistence mechanisms were detected in the skill instructions or scripts.
- [COMMAND_EXECUTION]: The skill makes extensive use of
ffmpegandffprobefor audio processing, and usessys.executableto orchestrate internal script calls. These are implemented usingsubprocess.runwith list arguments (no shell), which is a safe practice for local media processing. - [CREDENTIALS_UNSAFE]: The skill uses a local key-sharing mechanism in
scripts/_common.pythat reads configuration files from sibling skills (e.g.,asset-generator,sound-effects) located in the~/.cursor/skills/directory. This allows the user to maintain a single set of API keys for Gemini, Replicate, and ElevenLabs across related tools without hardcoding secrets. - [EXTERNAL_DOWNLOADS]: The skill fetches audio assets from official and well-known AI service providers, including Google (Gemini), Replicate, and ElevenLabs. These are expected behaviors for the skill's primary purpose of media generation.
Audit Metadata