researchers-tech

Pass

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • Prompt Injection (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because its core function involves processing untrusted external data.
      • Ingestion points: Untrusted data enters the agent context via the WebFetch and WebSearch tools while researching technical archives, mailing lists, and developer blogs (documented in SKILL.md and PROJECT_RESEARCH.md).
      • Boundary markers: The instructions lack explicit boundary markers or systemic warnings to the agent to disregard instructions potentially embedded within the research material.
      • Capability inventory: The skill allows the agent to use Edit and Write tools. While intended for documenting findings, an indirect injection from a malicious source could attempt to trick the agent into performing unauthorized file modifications.
      • Sanitization: There is no evidence of sanitization or validation of the content retrieved from external URLs before it is processed by the model.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 22, 2026, 01:58 PM