pipa-audio-brief
Generates listenable audio briefs for various work artifacts, enhancing understanding and review without reading line by line.
Install this skill
or
64/100
Security score
The pipa-audio-brief skill was audited on Jun 8, 2026 and we found 6 security issues across 4 threat categories, including 1 high-severity. Review the findings below before installing.
Categories Tested
Security Issues
high line 167
Piping content to bash shell
SourceSKILL.md
| 167 | curl -fsSL https://here.now/install.sh | bash |
medium line 167
Curl to non-GitHub URL
SourceSKILL.md
| 167 | curl -fsSL https://here.now/install.sh | bash |
medium line 119
Access to hidden dotfiles in home directory
SourceSKILL.md
| 119 | For optional Piper mode, write the page contract with `"audio.mode": "piper"` after generation succeeds. Use `PIPA_AUDIO_BRIEF_BACKEND=piper scripts/generate-audio-job.sh start <brief-script.txt> <pub |
medium line 128
Access to hidden dotfiles in home directory
SourceSKILL.md
| 128 | 4. If the backend is missing, the async job runs `scripts/setup-kokoro.sh` once. Setup creates or reuses `~/.cache/pipa-audio-brief/kokoro-onnx-venv/` and cached INT8 model files under `~/.cache/pipa- |
medium line 178
Access to hidden dotfiles in home directory
SourceSKILL.md
| 178 | After a successful here.now publish, remove the local generated bundle and temporary generation artifacts. The here.now URL is the durable user-facing artifact. Do not keep `.artifacts/audio-briefs/<s |
low line 167
External URL reference
SourceSKILL.md
| 167 | curl -fsSL https://here.now/install.sh | bash |
Scanned on Jun 8, 2026
View Security DashboardGitHub Stars 1
Rate this skill
Categorymarketing
UpdatedJune 15, 2026
opencodefrontenddesigndocxapibackendcontent-marketercopywritermarketing-analystproduct-managercustomer-experiencemarketingcontent mediaproductsupport
lunchpaillola/pipa-skills