make-song
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it incorporates untrusted user data into a command-line execution without explicit boundary markers or sanitization.
- Ingestion points: Untrusted data enters the agent context via the
--promptand--lyricsarguments inSKILL.md. - Boundary markers: No delimiters or instructions are provided to the agent to ignore instructions embedded within the user-provided lyrics or prompts.
- Capability inventory: The skill executes a system command using
pnpm neta, which represents a command execution capability. - Sanitization: There is no evidence of escaping, validation, or filtering of the external content before it is passed to the shell.
Audit Metadata