Skills
skills/koshimazaki/ue-audio-skills/ue5-audio-builder/Gen Agent Trust Hub

ue5-audio-builder

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface due to the way it handles user-provided descriptions.
  • Ingestion points: The skill accepts untrusted data through the [audio-system-description] argument in SKILL.md.
  • Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore potentially malicious embedded commands within the descriptions.
  • Capability inventory: The skill is granted access to high-capability tools, specifically Bash, Read, Grep, and Glob, which can be used to modify the file system or execute commands.
  • Sanitization: No sanitization, validation, or escaping logic is mentioned for the natural language input before it is used to orchestrate project generation.
  • [COMMAND_EXECUTION]: The skill configuration explicitly allows the use of the Bash tool. This tool is utilized to orchestrate the generation of project layers (MetaSounds, Blueprints, Wwise), which involves executing shell commands based on the interpretation of user instructions, creating a potential vector for command misuse if the input is manipulated.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 26, 2026, 01:48 PM