Skills
skills/bitwize-music-studio/claude-ai-music-skills/pronunciation-specialist/Gen Agent Trust Hub

pronunciation-specialist

Pass

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection as it processes untrusted lyrics and has permissions to edit and write files.
  • Ingestion points: Lyrics are ingested via the $ARGUMENTS variable (direct input) or by reading track files provided by the user, as described in SKILL.md.
  • Boundary markers: No boundary markers or instructions to ignore embedded commands within the lyrics are present in the skill definition.
  • Capability inventory: The skill possesses the Read, Edit, Write, Grep, and Glob tools, enabling it to modify the filesystem based on the content of the processed lyrics.
  • Sanitization: There is no mention of sanitization or validation of the input lyrics before they are used to generate reports or update files.
  • COMMAND_EXECUTION (LOW): The SKILL.md file defines a workflow using tools like check_homographs, extract_section, and load_override which are not listed in the allowed-tools section. This discrepancy between the instructions and the authorized toolset could lead the agent to attempt invoking unauthorized or non-existent tools.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 22, 2026, 06:51 AM