Skills
skills/bitwize-music-studio/claude-ai-music-skills/researchers-gov/Gen Agent Trust Hub

researchers-gov

Pass

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill possesses a surface for indirect prompt injection by combining external data ingestion with file-system modification tools.
  • Ingestion points: Untrusted data enters via WebFetch from various government agency websites and the Wayback Machine (e.g., justice.gov, fbi.gov, sec.gov, web.archive.org).
  • Boundary markers: Absent. The skill instructions do not explicitly define delimiters for fetched content or warn the agent to ignore instructions embedded within the source documents.
  • Capability inventory: The skill is granted Read, Write, Edit, Grep, Glob, WebFetch, and WebSearch tools, allowing it to modify files based on findings.
  • Sanitization: Absent. The skill extracts specific fields (quotes, numbers, timelines) from raw text without explicit sanitization or validation of the fetched content.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 22, 2026, 06:59 AM