clipboard
Fail
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands using content retrieved from external files via the
bitwize-music-mcptool. Specifically, it instructs the agent to use patterns likeprintf '%s' "$content" | pbcopy(and variants for Linux/WSL). If the track files being processed contain shell metacharacters such as backticks (`), subshell syntax ($(...)), or command separators, these can be executed by the system shell during the clipboard operation, leading to unauthorized command execution. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted track content from external files without adequate safeguards.
- Ingestion points: Track files (lyrics, style prompts, and metadata) are loaded into the agent's context via the
bitwize-music-mcptool as specified inSKILL.md. - Boundary markers: Absent. The instructions do not define delimiters or provide specific 'ignore' instructions to prevent the agent from following instructions embedded within the file content.
- Capability inventory: The skill has access to the
Bashtool for system command execution and theReadtool for filesystem access. - Sanitization: Absent. There is no logic provided to escape, validate, or sanitize the file content before it is interpolated into shell commands or processed by the model.
Recommendations
- AI detected serious security threats
Audit Metadata