audio-extractor
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the 'subprocess.run' function in Python to call external executables 'yt-dlp' and 'ffmpeg'. By passing arguments as a list rather than a single string, it effectively prevents shell injection attacks.
- [EXTERNAL_DOWNLOADS]: The skill is designed to download audio content from various web platforms. This is achieved using 'yt-dlp', a well-known and widely used tool for this specific purpose.
- [SAFE]: Analysis of the source code and documentation reveals no signs of prompt injection, obfuscation, credential theft, or unauthorized persistence mechanisms.
Audit Metadata