suno-engineer

Fail

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: HIGH
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to extract directory paths using the Bash tool with the command dirname $(dirname $TRACK_PATH). Since $TRACK_PATH is sourced from user-provided $ARGUMENTS, an attacker can perform command injection by providing a path that includes shell metacharacters (e.g., ;, |, or backticks), potentially leading to arbitrary code execution on the host system.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and acting upon data from untrusted local files.
      • Ingestion points: The agent reads the README.md from the album directory and a suno-preferences.md override file to define its prompting strategy and style.
      • Boundary markers: The instructions do not define any delimiters or safety markers to isolate the content of these external files from the agent's core instructions.
      • Capability inventory: The skill possesses extensive capabilities, including Bash, Write, and Edit tools, which could be abused if malicious instructions are encountered in the project files.
      • Sanitization: Content retrieved from project files is incorporated into the prompt generation workflow without validation or sanitization.
  • [SAFE]: The skill utilizes the bitwize-music-mcp tool, which is an internal resource belonging to the skill's author, bitwize-music-studio.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: May 14, 2026, 06:29 AM