new-album
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes untrusted user input ($ARGUMENTS) to define directory and file names. While it includes validation for genres, the album names are passed directly into a tool with file-writing capabilities.
  - Ingestion points: User-supplied album names and genres in the $ARGUMENTS variable.
  - Boundary markers: None present around the interpolated arguments.
  - Capability inventory: Access to `Bash` and `Write` tools allows for significant file system modifications.
  - Sanitization: The skill provides a whitelist for genres and specific parsing logic, though it lacks validation for the `album-name` string itself.
- Command Execution (SAFE): Although the skill specifies the `Bash` tool as allowed, the instructions explicitly prohibit the agent from manually running shell commands (mkdir, cp) and instead mandate the use of a structured MCP tool (create_album_structure). This significantly reduces the risk of arbitrary command execution via user-supplied names.
- Data Exposure (SAFE): The skill references local configuration paths (e.g., `~/.bitwize-music/config.yaml`). This is standard behavior for local automation skills and no patterns of exfiltration were detected.
Audit Metadata