lyric-writer
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains an 'Override Support' mechanism in `SKILL.md` that loads instructions from an external file (`lyric-writing-guide.md`) and explicitly directs the agent that 'preferences take precedence if conflicting'. This design allows external content to potentially override the skill's core guidelines and safety logic if the override file is compromised.
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection through its data ingestion workflow:
  - Ingestion points: Untrusted data enters the agent context through the reading of track files and the `lyric-writing-guide.md` file (referenced in `SKILL.md`).
  - Boundary markers: The skill lacks explicit delimiters or instructions to treat ingested file content as data rather than instructions, particularly when applying 'preferences' from the override file.
  - Capability inventory: The agent possesses powerful filesystem tools (`Read`, `Edit`, `Write`, `Grep`, `Glob`) and a custom tool `bitwize-music-mcp` which could be misused if the agent's logic is hijacked.
  - Sanitization: There is no mention of sanitizing or validating the content of the external files before they are processed by the model.
Audit Metadata