ai-music-generation
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the 'infsh' command-line interface to interact with music generation models. The execution environment is restricted via the 'allowed-tools' frontmatter configuration, which limits the agent to only running commands prefixed with 'infsh'. This follows the principle of least privilege by scoping tool access specifically to the required vendor utility.
- [EXTERNAL_DOWNLOADS]: The documentation references instructions to install additional capabilities using 'npx skills add' from the vendor's official GitHub repository (inference-sh/skills). These references point to verified vendor resources and are provided as informational steps for the user.
- [DATA_EXFILTRATION]: The skill uses the 'infsh login' command to authenticate the user with the vendor's service. This is a standard authentication flow for the integrated service and does not involve unauthorized access to local sensitive files or credentials.
Audit Metadata