sound-effects

Pass

Audited by Gen Agent Trust Hub on Jul 10, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess.run to invoke the ffmpeg and ffprobe binaries within the trim_silence.py script. These calls are used for analyzing audio duration, detecting silence ranges, and performing audio trimming. The commands are securely constructed using argument lists, which prevents shell injection vulnerabilities.\n- [EXTERNAL_DOWNLOADS]: The generate_sfx.py script downloads generated MP3 files from Replicate's infrastructure using urllib.request.urlretrieve. This is a standard functional requirement for retrieving the output of the sound synthesis model from a well-known and trusted service.\n- [SAFE]: The skill follows best practices for secret management by providing a setup script (setup_key.py) that stores API tokens in a local config.json file rather than hardcoding them. It also includes a convenience feature to retrieve tokens from related skills within the same local directory structure, facilitating a unified developer experience without increasing the attack surface.\n- [SAFE]: User-provided descriptions are sanitized before being used as filenames, protecting against potential path traversal or filesystem manipulation when saving generated assets.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 10, 2026, 01:40 AM