researcher

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection from the data it processes.
      • Ingestion points: Untrusted primary sources, such as court filings and news archives, are retrieved from the web using WebFetch and WebSearch.
      • Boundary markers: The instructions do not define boundary markers (e.g., XML tags or delimiters) to separate fetched content from the agent's instructions, nor do they include warnings to ignore embedded commands.
      • Capability inventory: The skill has permissions to edit and write files (Write, Edit) and access the network (WebFetch).
      • Sanitization: The skill lacks mechanisms to sanitize or validate the content of external documents before analysis.
  • [EXTERNAL_DOWNLOADS]: The skill fetches documents from external repositories, including DocumentCloud, CourtListener, Scribd, and various government agency websites, for investigative purposes.
  • [COMMAND_EXECUTION]: The skill performs local file system operations to store research findings and configure itself.
      • It uses Write and Edit tools to create RESEARCH.md and SOURCES.md files within resolved album directories.
      • It utilizes a load_override function to dynamically incorporate configuration settings from a local research-preferences.md file.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 27, 2026, 11:27 PM