music-tonality
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- COMMAND_EXECUTION (HIGH): The skill interpolates user input directly into a shell command: python3 -m music_analyzer tonality "<audio_file_path>". An attacker could provide a malicious file path containing shell metacharacters (e.g., a semicolon, backticks, or $()) to execute arbitrary commands on the system.
- EXTERNAL_DOWNLOADS (LOW): The skill relies on music_analyzer, essentia, and librosa. While essentia and librosa are known audio libraries, music_analyzer is not a standard package, and no versioning or source verification is provided.
Recommendations
- AI detected serious security threats
Audit Metadata