resume

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and acting upon metadata retrieved from external sources (the local file system).
      • Ingestion points: Album names, slugs, and track details are retrieved via the find_album and list_tracks MCP tools (SKILL.md).
      • Boundary markers: No delimiters or instructions are used to distinguish untrusted data from the skill's own operational logic.
      • Capability inventory: The skill has access to potentially high-impact tools including Bash, Read, and Glob (SKILL.md).
      • Sanitization: There is no evidence of validation or sanitization for the data retrieved via the MCP tools before it is presented to the user or used to determine next steps.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 4, 2026, 10:06 PM