researchers-verifier

Pass

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): Detected a surface for Indirect Prompt Injection through the systematic ingestion of untrusted external and internal data.
  • Ingestion points: The skill is instructed to use WebFetch to verify arbitrary URLs and Read/Grep to analyze research files which may contain attacker-controlled content.
  • Boundary markers: Absent. There are no instructions defining delimiters (e.g., XML tags) or providing 'ignore embedded instructions' warnings when the agent processes the fetched content.
  • Capability inventory: The agent has access to Write, Edit, and WebFetch tools. If a malicious instruction were embedded in a verified source, the agent could be tricked into modifying local files or exfiltrating data to an external server.
  • Sanitization: No sanitization or validation logic is present to filter executable instructions or malicious prompts from the retrieved data.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 18, 2026, 07:19 AM