audio-video
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns or security bypasses detected. The skill implements standard Decentraland SDK patterns for media handling.
- [EXTERNAL_DOWNLOADS]: Documents the use of curl to download audio files from builder-items.decentraland.org. This is a well-known service for Decentraland assets and is considered safe for this use case.
- [PROMPT_INJECTION]: The skill defines a surface for indirect prompt injection where the agent processes external catalog data and user input to generate commands. This is restricted to standard asset downloads.
- Ingestion points: audio-catalog.md (SKILL.md)
- Boundary markers: Absent
- Capability inventory: curl command execution (SKILL.md)
- Sanitization: Absent
Audit Metadata