song-lyrics
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill's core function involves gathering external songwriting insights, which introduces a vulnerability surface if the sourced data contains hidden instructions.
- Ingestion points: The skill instructions in SKILL.md require the agent to 'research and gather insights' from external sources.
- Boundary markers: No delimiters or instructions are provided to distinguish external content from the agent's internal logic.
- Capability inventory: The skill is restricted to presenting information and lacks high-risk capabilities such as file modification, command execution, or network exfiltration.
- Sanitization: The instructions do not specify any validation or sanitization of the retrieved external content.
Audit Metadata