skills/phuetz/code-buddy/ableton-live/Gen Agent Trust Hub

ableton-live

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references the AbletonOSC repository on GitHub and suggests installing common libraries from PyPI (python-osc) and NPM (osc-js).
  • [COMMAND_EXECUTION]: Provides instructions for running the AbletonOSC server via the command line and installing required packages using standard package managers.
  • [PROMPT_INJECTION]: The skill defines an attack surface for indirect prompt injection via the processing of untrusted external data.
      • Ingestion points: The documentation includes code for listening to network-based OSC messages and reading state data from local JSON files.
      • Boundary markers: No delimiters or isolation instructions are present to prevent the agent from interpreting embedded commands in ingested data.
      • Capability inventory: The skill utilizes network communication (UDP) and local file system access for status persistence.
      • Sanitization: There is no evidence of validation or sanitization for incoming OSC message arguments or data loaded from temporary files.

Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 01:08 AM