music-analyze

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFE (tags: COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes the music_analyzer Python module via a shell command to process local audio files. This involves direct execution of a command-line tool based on user instructions.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface where user-provided audio file paths are interpolated into a bash command string: python3 -m music_analyzer analyze "<audio_file_path>".
  • Ingestion points: Untrusted file paths enter the context via the usage instructions in SKILL.md.
  • Boundary markers: The input is wrapped in double quotes, a boundary that can be broken out of if the path contains an unescaped double-quote character.
  • Capability inventory: The skill performs shell command execution using python3 (SKILL.md).
  • Sanitization: There are no explicit sanitization, validation, or escaping instructions provided within the skill to handle potentially malicious file paths.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 17, 2026, 08:07 PM