Audition
Pass
Audited by Gen Agent Trust Hub on May 31, 2026
Risk Level: SAFE COMMAND_EXECUTION EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of scripts (ExtendScript, Python) within external desktop applications by piping code from the shell to dedicated bridge scripts (e.g., `audition_bridge.py`) using stdin/stdout.
- [EXTERNAL_DOWNLOADS]: Instructions include a recommendation to install the `flue` package from PyPI via `pip install flue`. The skill correctly advises the agent to seek explicit user approval before performing this installation, and the package is provided by the skill author ('sfkislev').
- [INDIRECT_PROMPT_INJECTION]: The skill creates an attack surface by interpreting user requests to generate code that is executed within professional creative software.
  - Ingestion points: Processes natural language requests from the user to manipulate application state.
  - Boundary markers: The documentation instructs the agent to treat the human as the driver and prefer small, inspectable steps.
  - Capability inventory: Full scripting access to Adobe Audition, Photoshop, Blender, and other professional suites via bridge scripts.
  - Sanitization: No explicit sanitization or validation of the generated scripts is mentioned.
- [METADATA_POISONING]: The `SKILL.md` file contains a hardcoded absolute file path (`C:\Users\fredd\.claude\skills\flue\SKILL.md`) referencing a specific local user directory. This is likely a documentation remnant and could cause file-not-found errors but does not pose a direct security threat.
Audit Metadata