researchers-security

Pass

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • PROMPT_INJECTION (LOW): Indirect prompt injection surface detected due to the nature of the research task.
  • Ingestion points: The skill utilizes WebFetch and WebSearch tools to gather data from external sources, specifically including high-risk sources like 'Hacker community sources (forums, leaked chats)' as defined in SKILL.md.
  • Boundary markers: Absent. There are no instructions or delimiters provided to ensure the agent ignores malicious instructions that might be embedded in the fetched technical reports or forum posts.
  • Capability inventory: The skill allows Write, Edit, Grep, and WebFetch operations. An attacker who successfully injects instructions into a processed security report could potentially influence these file-writing capabilities.
  • Sanitization: Absent. There is no logic provided to sanitize or filter the content retrieved from external URLs before the agent processes it for the research report.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 22, 2026, 06:48 AM