suno-engineer

Warn

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions direct the agent to use the Bash tool to execute shell commands (dirname) involving variables derived directly from user input ($ARGUMENTS). This pattern is susceptible to command injection if the input contains shell metacharacters.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by reading content from external, untrusted sources.
      • Ingestion points: track file path, ${ALBUM_DIR}/README.md, and {overrides}/suno-preferences.md.
      • Boundary markers: None specified for the data read from external files to distinguish instructions from data.
      • Capability inventory: Read, Write, Edit, Bash, Grep, Glob.
      • Sanitization: No evidence of sanitization, validation, or escaping of the ingested file contents before they influence the agent's logic or are used in generated prompts.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 8, 2026, 12:01 AM