podcast-generator

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Python script (scripts/mix_audio.py) which in turn wraps the ffmpeg command-line tool.
  • Evidence: The script uses subprocess.run to call ffmpeg for audio mixing. The inputs are sanitized via os.path.abspath and os.path.expanduser. The parameters (volume, file paths) are passed as a list to the subprocess, which prevents shell injection. This is a standard and safe implementation for a media processing utility.
  • [EXTERNAL_DOWNLOADS]: The documentation mentions sourcing Creative Commons music from well-known and reputable services.
  • Evidence: SKILL.md suggests using Free Music Archive, Pixabay, Wikimedia Commons, and Incompetech. These are trusted, well-known resources for open-source media, and the skill does not automate the download in a way that would execute untrusted remote code.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 06:32 PM