audio-extractor

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/extract_audio.py executes the yt-dlp and ffmpeg command-line tools using subprocess.run with argument lists. This facilitates media downloading and processing as a core feature of the skill.
  • [COMMAND_EXECUTION]: The skill exposes the yt-dlp feature to access browser cookies for authentication on various platforms. This involves accessing sensitive local data but is presented as a legitimate tool feature for the user.
  • [PROMPT_INJECTION]:
      • Ingestion points: The skill processes external media content and metadata from URLs passed to the extract_audio.py script (e.g., in the url argument).
      • Boundary markers: No explicit markers or instructions are used to distinguish between untrusted data and system instructions during processing.
      • Capability inventory: The skill possesses the capability to execute shell commands (yt-dlp, ffmpeg) and write files to the local system.
      • Sanitization: The script uses secure subprocess calling conventions (argument lists) to prevent shell injection, though it lacks sanitization for metadata strings retrieved from external sources.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 26, 2026, 10:28 AM