audio-theater

Pass

Audited by Gen Agent Trust Hub on Jul 10, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns, obfuscation, or persistence mechanisms were detected in the skill instructions or scripts.
  • [COMMAND_EXECUTION]: The skill makes extensive use of ffmpeg and ffprobe for audio processing, and uses sys.executable to orchestrate internal script calls. These are implemented using subprocess.run with list arguments (no shell), which is a safe practice for local media processing.
  • [CREDENTIALS_UNSAFE]: The skill uses a local key-sharing mechanism in scripts/_common.py that reads configuration files from sibling skills (e.g., asset-generator, sound-effects) located in the ~/.cursor/skills/ directory. This allows the user to maintain a single set of API keys for Gemini, Replicate, and ElevenLabs across related tools without hardcoding secrets.
  • [EXTERNAL_DOWNLOADS]: The skill fetches audio assets from official and well-known AI service providers, including Google (Gemini), Replicate, and ElevenLabs. These are expected behaviors for the skill's primary purpose of media generation.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 10, 2026, 01:40 AM