music-rhythm
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill invokes a shell command using the python3 -m flag to run a music analysis module.
- Evidence: The instruction uses python3 -m music_analyzer rhythm "<audio_file_path>".
- Risk: User input is directly interpolated into a shell command. Although wrapped in double quotes, certain shells may still execute commands nested within backticks or dollar-parenthesis if they appear in the path.
- Indirect Prompt Injection (LOW): The skill accepts untrusted file paths from the user which are passed to system tools.
- Ingestion points: The <audio_file_path> parameter.
- Boundary markers: No specific delimiters or safety instructions are used to separate the path from the command.
- Capability inventory: The skill possesses the ability to execute subprocesses.
- Sanitization: There is no explicit sanitization code provided in the skill to filter malicious shell characters.
Audit Metadata