songsee
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the
songseecommand-line tool viago install github.com/steipete/songsee/cmd/songsee@latest, fetching code from an external repository not listed as a trusted vendor. - [COMMAND_EXECUTION]: The skill uses shell commands to process audio files and generate various visual representations, which is the primary intended functionality.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes external audio files and generates visualizations for subsequent AI analysis.
- Ingestion points: Audio files (e.g.,
track.mp3) ingested via CLI as shown in SKILL.md. - Boundary markers: None identified in the skill instructions.
- Capability inventory: Shell command execution and local file system write operations (
-oflag). - Sanitization: No validation or sanitization of the audio file input is performed before processing.
Audit Metadata