Suno Song Creator

Warn

Audited by Snyk on Feb 15, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill's Song Researcher sub-agent explicitly uses WebSearch/WebFetch to retrieve lyrics and annotations from public sites like Genius.com (and other web sources such as HookTheory, Ultimate Guitar, Spotify pages) and returns structured research that the main agent consumes to build prompts and lyrics, which exposes the agent to untrusted, user-generated third‑party content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The song-researcher sub-agent explicitly WebFetches external lyric pages at runtime (e.g., https://genius.com) to extract lyrics/structure that are directly injected into prompt-building and research outputs, making that external content a runtime dependency that controls agent prompts.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 15, 2026, 09:36 PM