Skills
skills/bitwize-music-studio/claude-ai-music-skills/promo-writer/Gen Agent Trust Hub

promo-writer

Fail

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: CRITICALNO_CODEPROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill serves as a template repository that interpolates external album data into social media prompts.
  • Ingestion points: Album context (referenced in file headers as the source for the promo-writer).
  • Boundary markers: Absent; the templates use simple placeholders like '[album name]' without delimiters or instructions to ignore embedded commands.
  • Capability inventory: Intended for the generation and distribution of social media content.
  • Sanitization: Absent; no escaping or validation of context data is provided within the templates.
  • [Metadata Poisoning] (SAFE): An automated scan alert for 'instagram.md' was provided in the context; however, no phishing URLs or references to that file were found in the analyzed 'copy-formulas.md' file.
Recommendations
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 22, 2026, 06:35 AM