sound-engineer
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: This skill presents an attack surface for indirect prompt injection through its ingestion of external data.
- Ingestion points: The skill is configured to use 'mcp__firecrawl__firecrawl_search' and 'WebFetch' to retrieve information from external technical documentation and websites.
- Boundary markers: The instructions do not include boundary markers or explicit warnings to ignore embedded instructions within retrieved data.
- Capability inventory: The agent has access to 'Bash' (with python, node, npm, and ffmpeg), 'Write', and 'Edit' tools, which provides a significant capability set if an injection were to occur.
- Sanitization: There are no instructions describing the sanitization or validation of content fetched from external sources before processing.
Audit Metadata