music-emotion
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill uses a shell command `python3 -m music_analyzer emotion "<audio_file_path>"` to process files. Because the `<audio_file_path>` variable is derived from user input, an attacker could potentially execute arbitrary commands by providing a path containing shell metacharacters (e.g., `;`, `&`, or backticks), even with the presence of double quotes.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill depends on the `music_analyzer` Python package. This package is not from a recognized trusted source or organization defined in the security policy, making its behavior unverifiable without further inspection of its source code.
Recommendations
- AI detected serious security threats
Audit Metadata