sound-effects-generator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE] (SAFE): The skill utilizes legitimate Python packages (numpy, scipy, soundfile) for signal processing and audio export. No malicious obfuscation, network exfiltration, or unauthorized credential access patterns were detected.\n- [Indirect Prompt Injection] (LOW): The skill processes external parameters to generate files, creating a potential surface for indirect prompt injection or path traversal.\n
- Ingestion points: Filenames and paths passed to the
.save()method or the--outputCLI argument, as well as audio parameters like frequency and duration.\n - Boundary markers: None identified. There are no delimiters or instructions provided to the agent to treat input filenames as untrusted data.\n
- Capability inventory: The skill has the capability to write audio files (WAV, MP3) to the local file system using the
soundfileandpydublibraries.\n - Sanitization: No evidence of path validation or sanitization was found in the documentation. An agent could be misled into overwriting critical files if it passes an unvalidated user-provided path to the saving functions.
Audit Metadata