promo-director

Fail

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: CRITICAL (DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [DATA_EXFILTRATION] (CRITICAL): Automated security scans (URLite) confirmed a malicious phishing URL in the instagram.md template. Because this file is used to generate social media content, it poses a severe risk of directing users to malicious sites.
  • [COMMAND_EXECUTION] (HIGH): The skill utilizes the Bash tool to execute ffmpeg commands for video generation. These commands are constructed using unsanitized metadata such as track titles and artist names. This enables arbitrary command injection via shell metacharacters (e.g., using $(command) within a track name).
  • [EXTERNAL_DOWNLOADS] (LOW): The skill requires the installation of external software (ffmpeg) and multiple Python libraries (pillow, librosa, pyyaml) from public repositories.
  • [COMMAND_EXECUTION] (MEDIUM): The skill performs environment-dependent checks using Bash (e.g., ffmpeg -filters | grep ...), which increases the potential attack surface when combined with dynamic command generation.
Recommendations
  • AI detected serious security threats
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 22, 2026, 06:37 AM