musubix-ears-validation
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation instructs the agent to execute
npx musubix, which involves downloading and running themusubixpackage from the NPM registry at runtime. - [COMMAND_EXECUTION]: The skill includes instructions to run various subcommands of the
musubixCLI tool (validate,analyze,map) against local files to perform requirement analysis. - [INDIRECT_PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it processes untrusted requirement files.
- Ingestion points: Requirement files passed to CLI commands in
SKILL.md. - Boundary markers: None identified.
- Capability inventory: Subprocess calls via
npxinSKILL.md. - Sanitization: No explicit sanitization or validation of the requirement file content is described before processing.
Audit Metadata