musubix-ears-validation

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill documentation instructs the agent to execute npx musubix, which involves downloading and running the musubix package from the NPM registry at runtime.
  • [COMMAND_EXECUTION]: The skill includes instructions to run various subcommands of the musubix CLI tool (validate, analyze, map) against local files to perform requirement analysis.
  • [INDIRECT_PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it processes untrusted requirement files.
  • Ingestion points: Requirement files passed to CLI commands in SKILL.md.
  • Boundary markers: None identified.
  • Capability inventory: Subprocess calls via npx in SKILL.md.
  • Sanitization: No explicit sanitization or validation of the requirement file content is described before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 04:47 AM
Security Audit — agent-trust-hub — musubix-ears-validation