next-step

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFE

PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by accepting and processing user-provided arguments.
    • Ingestion points: The $ARGUMENTS variable in SKILL.md is used to ingest an optional album name from the user.
    • Boundary markers: There are no explicit delimiters (e.g., XML tags or triple quotes) or specific instructions to the model to ignore embedded commands within the input.
    • Capability inventory: The skill is authorized to use Read, Glob, and Grep tools for file system access, as well as the specialized bitwize-music-mcp toolset for music project management.
    • Sanitization: The skill performs a 'fuzzy match' on the user input but does not implement validation or escaping to prevent the input from influencing the agent's logic flow beyond identifying an album.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 4, 2026, 10:06 PM