Skills
skills/bitwize-music-studio/claude-ai-music-skills/explicit-checker/Gen Agent Trust Hub

explicit-checker

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it reads and processes untrusted lyrics data from the filesystem without established security boundaries.
  • Ingestion points: Lyrics text is ingested via the extract_section tool in SKILL.md from files located at the path provided in the skill's arguments.
  • Boundary markers: The instructions do not employ delimiters or provide specific instructions for the agent to ignore commands or instructions found within the lyrics content.
  • Capability inventory: The skill has access to the Read, Glob, and Grep tools, as well as the bitwize-music-mcp toolset, which can be used to navigate and read the local filesystem.
  • Sanitization: There is no evidence of sanitization, filtering, or validation performed on the retrieved lyrics text before it is presented to the language model for analysis.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 27, 2026, 11:26 PM