ai-music

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's inpaint/outpaint routes explicitly accept external audio URLs (see "Route 3" and "Route 4" examples with "audio": "https://your-cdn.example/...") and its Security & Privacy section even warns that source audio URLs are untrusted and can influence generation, so untrusted third-party content can materially affect tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill accepts user-supplied audio URLs (e.g., "https://your-cdn.example/song.mp3") that are fetched at runtime for the ACE Step audio-inpaint/outpaint endpoints and the fetched audio can embed steganographic or metadata instructions that directly influence model prompts/outputs.