session-start

Warn

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [PROMPT_INJECTION] (LOW): The skill ingests instructions from {overrides}/CLAUDE.md in Step 3, creating an indirect prompt injection surface. An attacker could influence agent behavior by placing malicious instructions in this file.
    1. Ingestion points: {overrides}/CLAUDE.md.
    2. Boundary markers: None identified.
    3. Capability inventory: Bash, Read, WebFetch.
    4. Sanitization: None performed.
  • [COMMAND_EXECUTION] (MEDIUM): Step 4.5 involves the 'silent execution' of 'auto' actions defined within migration files in the ${CLAUDE_PLUGIN_ROOT}/migrations/ directory. This dynamic execution of content from the filesystem is a significant capability that could be abused if the directory is compromised.
  • [COMMAND_EXECUTION] (SAFE): Standard bash commands are used to verify the mcp Python package installation and check for skill model updates, which are consistent with the skill's initialization purpose.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 22, 2026, 06:53 AM