sound-effects
Pass
Audited by Gen Agent Trust Hub on Jul 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
subprocess.runto invoke theffmpegandffprobebinaries within thetrim_silence.pyscript. These calls are used for analyzing audio duration, detecting silence ranges, and performing audio trimming. The commands are securely constructed using argument lists, which prevents shell injection vulnerabilities.\n- [EXTERNAL_DOWNLOADS]: Thegenerate_sfx.pyscript downloads generated MP3 files from Replicate's infrastructure usingurllib.request.urlretrieve. This is a standard functional requirement for retrieving the output of the sound synthesis model from a well-known and trusted service.\n- [SAFE]: The skill follows best practices for secret management by providing a setup script (setup_key.py) that stores API tokens in a localconfig.jsonfile rather than hardcoding them. It also includes a convenience feature to retrieve tokens from related skills within the same local directory structure, facilitating a unified developer experience without increasing the attack surface.\n- [SAFE]: User-provided descriptions are sanitized before being used as filenames, protecting against potential path traversal or filesystem manipulation when saving generated assets.
Audit Metadata