suno-music
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill operates by executing a local Python script (
generate_music.py) to handle API logic and file management. - [EXTERNAL_DOWNLOADS]: The script fetches MP3 audio files from Suno's delivery network and saves them to a user-specified local directory.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface typical of AI-integrated tools.
- Ingestion points: The
promptcommand-line argument ingenerate_music.pyaccepts arbitrary user text. - Boundary markers: No specific delimiters or safety instructions are wrapped around the prompt before it is sent to the external API.
- Capability inventory: The script performs network POST/GET requests and writes files to the disk.
- Sanitization: Filenames are sanitized for safe storage, but the prompt content itself is passed directly to the remote music generation service.
Audit Metadata