Suno Song Creator

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • PROMPT_INJECTION (LOW): The template in utils/quality-review-prompt.md interpolates untrusted user input into instructions for a sub-agent.
      • Ingestion points: Untrusted data enters the agent context through the {prompt_text_no_blank_lines} and {lyrics_text_with_meta_tags} placeholders in utils/quality-review-prompt.md.
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present to isolate the user content.
      • Capability inventory: The downstream sub-agent possesses read and grep tool capabilities, which could be abused to access sensitive local files if an injection occurs.
      • Sanitization: The skill lacks security-focused sanitization or escaping for the user-provided music prompts and lyrics.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:09 PM