audio-quality-check
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/analyze_recording.py` executes system commands `ffmpeg` and `ffprobe` to perform audio extraction and metadata probing. The implementation uses list-based arguments and avoids `shell=True`, which is a secure practice that prevents command injection via malicious file paths.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because the analysis script reads and displays text from a `metadata.json` file located within user-specified directories without sanitization or boundary markers.
  - Ingestion points: `scripts/analyze_recording.py` reads and prints the `title`, `appName`, `createdAt`, and `speakers` fields from the `metadata.json` file found in the recording directory.
  - Boundary markers: None are used when printing these values to the console output.
  - Capability inventory: The skill has the capability to read local files and execute system commands via `subprocess.run`.
  - Sanitization: No sanitization or validation is performed on the metadata strings before they are displayed to the agent.
Audit Metadata