scene-generate

Warn

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [COMMAND_EXECUTION]: Executes a local script (renoise-cli.mjs) using Node.js from a path relative to the skill directory (../renoise-gen/). This execution occurs outside the skill's own directory structure and relies on unverified external files.
  • [COMMAND_EXECUTION]: User-controlled input is interpolated directly into a shell command for the --prompt argument. This represents a command injection vulnerability if the input contains shell metacharacters such as backticks or semicolons.
  • [EXTERNAL_DOWNLOADS]: Uses the curl utility to download files from a dynamic URL obtained during runtime. While intended for downloading images, this mechanism allows the skill to initiate network connections to arbitrary external sources.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 26, 2026, 06:03 AM