compose
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill performs web searches to gather music theory analysis, genre characteristics, and live-coding examples (Step 1). This is a functional requirement for its research-driven composition process.
- [DATA_EXFILTRATION]: The skill reads project constants from 'src/constants/generationPresets.ts' to access BPM and key suggestions. This is legitimate access to internal vendor source code, used to provide context for the ACE-Step-DAW environment.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the processing of untrusted web search results.
  - Ingestion points: Web search results for genre and artist analysis (Step 1).
  - Boundary markers: No explicit delimiters are specified to isolate external search data from the agent's internal instructions.
  - Capability inventory: Generates Strudel DSL (JavaScript) code strings for musical output.
  - Sanitization: The skill does not define specific validation or sanitization routines for the content retrieved from external websites.