woven-sfx
Pass
Audited by Gen Agent Trust Hub on Jun 28, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches a sound catalog and audio assets from the vendor's infrastructure at
sfx.woven.video. These operations are required for the skill's primary purpose of managing a sound library. - [COMMAND_EXECUTION]: Includes a utility script (
scripts/pull-library.sh) that automates asset downloads usingcurlandnode. The script resolves local paths based on environment variables or project configuration files to organize the sound library. - [SAFE]: All external references and packages (
woven-sfx-mcp) are associated with the author's infrastructure. No evidence of prompt injection, data exfiltration, or malicious obfuscation was found.
Audit Metadata