audio-voice-recovery
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill provides instructions for installing standard audio processing and machine learning libraries (e.g., librosa, openai-whisper, demucs). It also utilizes
torch.hub.loadand pre-trained model loading for Silero VAD and Whisper. These are standard practices for ML-integrated skills and originate from reputable repositories. - [COMMAND_EXECUTION] (SAFE): Extensive use of FFmpeg and SoX via Python's
subprocessmodule. Analysis shows the scripts utilize list-based arguments which mitigate common command injection risks. The commands are strictly limited to audio processing tasks. - [DATA_EXPOSURE] (SAFE): The skill emphasizes data preservation and local processing. While it mentions the Adobe Enhance cloud service for quick results, it explicitly includes a 'When NOT to use' section for forensic or confidential evidence, demonstrating a high degree of security awareness.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill has a data ingestion surface as it processes untrusted audio files and their metadata.
- Ingestion points:
scripts/preflight_audio.py,references/forensic-metadata.md. - Boundary markers: Standard command-line arguments are used; the processing logic is mathematical/signal-based rather than natural language-driven.
- Capability inventory: Execution of FFmpeg, SoX, and Exiftool via subprocess for analysis and enhancement.
- Sanitization: Python scripts use structured subprocess calls; metadata extraction logic includes anomaly detection to identify tampering.
Audit Metadata