setup
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill uses the Bash tool to execute diagnostic commands such as 'python3 --version' and 'uname -s'. These commands are used solely for environment detection and do not pose a security risk.
- EXTERNAL_DOWNLOADS (LOW): The setup process triggers 'pip install -r requirements.txt' and 'playwright install chromium'. While these commands download software from external repositories (PyPI and Playwright's CDN), they are standard initialization procedures for this type of plugin.
- DATA_EXPOSURE & EXFILTRATION (SAFE): The skill checks for the presence of a virtual environment in a specific hidden directory (~/.bitwize-music/venv) but does not attempt to access sensitive system files or credentials.
- PROMPT_INJECTION (SAFE): No evidence of instructions designed to bypass agent safety filters or override system prompts was detected.
Audit Metadata