clipboard

Fail

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands using content retrieved from external files via the bitwize-music-mcp tool. Specifically, it instructs the agent to use patterns like printf '%s' "$content" | pbcopy (and variants for Linux/WSL). If the track files being processed contain shell metacharacters such as backticks (`), subshell syntax ($(...)), or command separators, these can be executed by the system shell during the clipboard operation, leading to unauthorized command execution.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted track content from external files without adequate safeguards.
  • Ingestion points: Track files (lyrics, style prompts, and metadata) are loaded into the agent's context via the bitwize-music-mcp tool as specified in SKILL.md.
  • Boundary markers: Absent. The instructions do not define delimiters or provide specific 'ignore' instructions to prevent the agent from following instructions embedded within the file content.
  • Capability inventory: The skill has access to the Bash tool for system command execution and the Read tool for filesystem access.
  • Sanitization: Absent. There is no logic provided to escape, validate, or sanitize the file content before it is interpolated into shell commands or processed by the model.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 27, 2026, 11:26 PM
Security Audit — agent-trust-hub — clipboard