music-generation
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The automated `install.sh` script executes system commands to install required dependencies like FluidSynth, FFmpeg, and Python libraries through the standard package manager.
- [COMMAND_EXECUTION]: The electronic rendering pipeline utilizes `subprocess.run` to execute internal Python scripts for synthesis operations.
- [PROMPT_INJECTION]: The `SKILL.md` file contains instructions that attempt to constrain agent behavior by directing it to use specific file paths and forbidding the use of directory exploration or find commands.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted data from MIDI files and JSON structures.
  - Ingestion points: Data enters the system via `midi_inventory.py` (MIDI) and `midi_render.py` (JSON).
  - Boundary markers: No explicit delimiters or warnings are used to separate data from instructions during processing.
  - Capability inventory: The skill can write files to the system and execute local subprocesses.
  - Sanitization: The implementation relies on standard library parsers (mido, json) and does not specifically filter for embedded natural language instructions.
Audit Metadata