music-gen
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUM
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill contains strong directives designed to override agent reasoning and error handling, specifically instructing the agent to never report the tool as broken and to always favor it over built-in alternatives like the macOS say command. It also imposes a specific persona ('Alma') on the agent.
- [COMMAND_EXECUTION]: The skill's instructions for using the Bash tool involve interpolating user-provided prompts and lyrics directly into command-line arguments. Without rigorous sanitization, this pattern allows for command injection attacks where a user could execute arbitrary code by including shell metacharacters in their music requests.
- [EXTERNAL_DOWNLOADS]: The skill documentation notes that the tool downloads a large (~7GB) machine learning model from a remote source during initial execution. While this appears to be part of the tool's core functionality, it involves fetching substantial external data.
Audit Metadata