acestep
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill interfaces with a local script `tools/music_gen.py` to perform various audio tasks including generation, stem extraction, and style transfer. It facilitates this through standard shell commands with user-defined parameters.
- [SAFE]: Credential management is handled securely by requiring users to define `RUNPOD_API_KEY` and `RUNPOD_ACESTEP_ENDPOINT_ID` in a `.env` file, adhering to secret management best practices.
- [SAFE]: The skill uses localized temporary file storage (`/tmp/lyrics.txt`) for processing multi-line user input, which is a standard and safe method for handling transient data.
- [PROMPT_INJECTION]: The skill processes user-provided prompts and lyrics as command arguments, creating a potential surface for indirect prompt injection.
  1. Ingestion points: --prompt and --lyrics in SKILL.md.
  2. Boundary markers: Absent in command-line examples.
  3. Capability inventory: Subprocess execution of music_gen.py.
  4. Sanitization: Not explicitly documented.
Audit Metadata