lyric-reviewer
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests and processes untrusted data from lyric files and research documents to perform automated edits.
  - Ingestion points: Untrusted data enters the agent context from track files (e.g., tracks/01-song.md) and RESEARCH.md via the Read tool.
  - Boundary markers: The instructions lack explicit delimiters or instructions to treat ingested file content as non-executable data, potentially allowing embedded instructions to influence agent behavior during the review.
  - Capability inventory: The skill is configured with Read, Edit, Glob, and Grep tools, along with the bitwize-music-mcp tool, allowing it to modify files based on ingested content.
  - Sanitization: There is no specified sanitization or validation process for the lyrics or research data before they are used to determine automated fixes or report quality issues.
Audit Metadata