mix-engineer

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection via its configuration loading mechanism.
  • Ingestion points: The skill retrieves custom processing settings from an external file named "mix-presets.yaml" using the load_override tool.
  • Boundary markers: The skill's instructions define no delimiters around the loaded YAML content and do not tell the agent to disregard commands embedded within it.
  • Capability inventory: The agent is equipped with several high-privilege tools, including "Bash", "Edit", and "Write", which could be exploited if the agent follows malicious instructions found in the ingested data.
  • Sanitization: The skill documentation does not mention any form of schema validation or content sanitization for the loaded override files.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 25, 2026, 10:46 AM