Skills
skills/bitwize-music-studio/claude-ai-music-skills/validate-album/Gen Agent Trust Hub

validate-album

Pass

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • PROMPT_INJECTION (LOW): The skill ingests untrusted content from the filesystem which creates a surface for indirect prompt injection. 1. Ingestion points: content is read from README.md and track files (tracks/*.md). 2. Boundary markers: Absent; there are no instructions to the model to ignore embedded commands in the files it reads. 3. Capability inventory: the agent has access to Bash (filesystem write access via move commands) and Read tools. 4. Sanitization: no validation or sanitization of file content is performed.
  • COMMAND_EXECUTION (SAFE): The skill uses the Bash tool for legitimate filesystem operations such as checking file existence (test -f) and listing directories (ls). It provides suggested commands for the user to fix structural issues.
  • DATA_EXPOSURE (SAFE): The skill accesses a local configuration file at ~/.bitwize-music/config.yaml which is required for its primary purpose and does not involve system-level sensitive data.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 18, 2026, 07:20 AM