code-to-music
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
Finding categories: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill demonstrates an indirect prompt injection surface by processing external data formats (MIDI and JSON) without boundary markers or sanitization. This could allow maliciously crafted files to influence agent behavior.
  - Ingestion points: scripts/midi_render.py (JSON), scripts/midi_utils.py (MIDI), scripts/audio_validate.py (audio files).
  - Boundary markers: Absent. There are no instructions to disregard embedded commands in processed data.
  - Capability inventory: scripts/midi_render.py (file creation and deletion), install.sh (system-wide package installation).
  - Sanitization: The provided scripts do not implement validation or escaping for the contents of the ingested files.
- [PROMPT_INJECTION]: The skill-report.json file contains self-referential content specifically designed to influence security analysis. It claims the skill is legitimate and that any security findings are false positives, which is a common technique used to bypass automated and manual security reviews.
- [COMMAND_EXECUTION]: The install.sh script executes system-level commands, including package manager updates and installations (apt-get). These operations modify the host environment and require elevated permissions.
- [EXTERNAL_DOWNLOADS]: During setup, the skill fetches system dependencies and Python packages from external official repositories, including the Debian/Ubuntu package archives and the Python Package Index (PyPI).
Audit Metadata