auphonic-optimize
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes local Python scripts (list_presets.py and optimize_audio.py) to manage the audio optimization workflow and interact with Auphonic's cloud services.
- [EXTERNAL_DOWNLOADS]: Fetches audio presets and optimized media files from official Auphonic API endpoints (auphonic.com). Note: The download script uses filenames provided by the API without explicit path sanitization.
- [DATA_EXFILTRATION]: Uploads user-selected audio files to the Auphonic service for processing, which is the primary intended function of the skill.
- [CREDENTIALS_UNSAFE]: Accesses the AUPHONIC_API_KEY from a local .env file in the repository root for authentication.
- [PROMPT_INJECTION]: The skill processes JSON responses from the external API (such as preset names and production stats), which are displayed to the user, creating a surface for indirect prompt injection.
  1. Ingestion points: API response bodies in both Python scripts.
  2. Boundary markers: None used in the summary generation within SKILL.md.
  3. Capability inventory: File system write access and network operations.
  4. Sanitization: No validation or sanitization of strings received from the API is performed.
- [SAFE]: No malicious code, obfuscation, or safety bypass attempts were detected in the skill's implementation.