ai-music-generation
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides links to the vendor's GitHub repository for the installation of the required
infshCLI tool. - [COMMAND_EXECUTION]: The skill requests permission to execute the
infshtool with broad arguments to facilitate music generation tasks across multiple models. - [REMOTE_CODE_EXECUTION]: Recommends using
npxto dynamically add additional skills from the vendor's repository, which involves executing remote packages. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface where user-provided text (prompts for music generation) is interpolated into tool inputs.
- Ingestion points: User prompts provided within JSON objects in the
infsh app runcommands (SKILL.md). - Boundary markers: Data is structured as JSON, which serves as a delimiter between command parameters and user content (SKILL.md).
- Capability inventory: The skill is restricted to using the
infshcommand (SKILL.md). - Sanitization: There is no evidence of explicit content sanitization or instructions to ignore embedded directives within the user-provided prompts.
Audit Metadata