gsap
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/extract-audio-data.pyutilizessubprocess.runto call theffmpegutility for audio decoding. The implementation uses a list for command arguments, which is a secure method that prevents shell injection attacks. - [EXTERNAL_DOWNLOADS]: The documentation references official GSAP libraries hosted on established public CDNs such as
cdn.jsdelivr.netand package registries likenpm. These are standard, trusted sources for web development assets. - [DATA_EXPOSURE]: The skill enables processing of local audio and video files to generate visualization data. All processing occurs locally on the user's system, and the resulting JSON data is stored on the local filesystem with no evidence of external data exfiltration.
Audit Metadata