strudel
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill includes a local Python script
scripts/strudel_url.pyused to encode and decode musical patterns. This script uses standard libraries and performs simple string transformations without risk of shell injection or unsafe execution. - [EXTERNAL_DOWNLOADS] (SAFE): The skill references audio samples hosted on GitHub (
tidalcycles/dirt-samples), which is a trusted organization for musical assets. No other external downloads were detected. - [PROMPT_INJECTION] (SAFE): The instructions in
SKILL.mdare descriptive and functional, containing no markers or techniques intended to bypass AI safety filters or override system instructions. - [DATA_EXFILTRATION] (SAFE): No access to sensitive files, credentials, or environment variables was found. Network-related operations are limited to generating URLs for the legitimate
strudel.ccdomain. - [DYNAMIC_EXECUTION] (SAFE): While the skill generates JavaScript code for musical patterns, this code is intended for execution within a sandboxed browser environment by the user, not for local execution by the agent.
Audit Metadata