audio-jingle

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill defines an execution pattern in SKILL.md (Step 3) where shell commands are constructed by interpolating values from project metadata and user prompts. Specifically, the --model, --voice, and --prompt arguments are directly mapped to external inputs without escaping instructions, which could allow shell metacharacters to alter command behavior.
      • Evidence: node "$OD_BIN" media generate ... --model "<audioModel from metadata>" ... --prompt "<assembled prompt from Step 2>" in SKILL.md.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it processes untrusted project metadata and user-supplied scripts and uses them in a powerful subprocess execution without sanitization.
      • Ingestion points: Project metadata fields such as audioModel, voice, and user-provided script content used in the prompt argument are read into the agent context.
      • Boundary markers: There are no boundary markers or explicit instructions for the agent to ignore or escape embedded commands within the prompt data.
      • Capability inventory: The skill possesses the capability to execute shell commands via a subprocess call (node "$OD_BIN").
      • Sanitization: The instructions do not include any steps for the agent to validate, escape, or sanitize the content before it is passed to the command-line interface.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 6, 2026, 12:34 AM