lyric-writer
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the ingestion of external data sources used during the lyric writing and review process.
- Ingestion points: The agent is instructed to read track files from user-provided arguments in 'SKILL.md' and load style overrides from 'lyric-writing-guide.md' via the 'load_override' function.
- Boundary markers: There are no defined delimiters or instructions to ignore embedded commands, meaning the agent may treat malicious instructions inside a lyric file as authoritative.
- Capability inventory: The skill possesses 'Read', 'Edit', 'Write', 'Grep', and 'Glob' permissions, as well as the ability to trigger external skill invocations ('/bitwize-music:suno-engineer').
- Sanitization: No input validation or content filtering is implemented for data retrieved from the track files or override guides.
- [COMMAND_EXECUTION]: The skill performs automated cross-skill invocations as part of its standard operational workflow.
- Evidence: 'SKILL.md' specifies that after finalizing lyrics, the agent must automatically invoke the '/bitwize-music:suno-engineer' skill. Automated tool execution based on the state of potentially injected context increases the risk of chained exploitation if the agent is first compromised via an indirect prompt injection.
Audit Metadata