watch
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious behaviors, obfuscation, or security vulnerabilities were detected.
- [COMMAND_EXECUTION]: The skill executes local binaries for media processing using structured argument lists with
subprocess.run, which effectively prevents shell injection vulnerabilities. - [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of legitimate, well-known software dependencies (ffmpeg and yt-dlp) via the Homebrew package manager on macOS, or provides manual installation instructions for other platforms.
- [DATA_EXFILTRATION]: Audio data is transmitted to well-known AI providers (Groq and OpenAI) for transcription as part of the skill's primary function. This behavior is documented and targets established services.
- [CREDENTIALS_UNSAFE]: The skill implements secure credential management by storing API keys in a dedicated configuration file (
~/.config/watch/.env) and includes preflight checks to ensure the file has appropriate restricted permissions (0600).
Audit Metadata