heartmula
Warn
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches source code from an external repository (github.com/HeartMuLa/heartlib.git) and downloads model checkpoints from Hugging Face. While Hugging Face is a well-known service, the execution of downloaded code from a non-whitelisted repository is a security concern.
- [REMOTE_CODE_EXECUTION]: Executes Python scripts that are downloaded from a remote repository. The instructions also require the agent to manually apply patches to the source code, which involves injecting arbitrary logic into the executable files.
- [COMMAND_EXECUTION]: Runs multiple shell commands including 'git clone', 'uv pip install', and 'python' to set up the environment and run the music generation model.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes external, potentially untrusted data from 'lyrics.txt' and 'tags.txt' without specified sanitization.
- Ingestion points: Lyrics and tags files specified via command-line arguments in 'SKILL.md'.
- Boundary markers: None present in the instructions or command structures.
- Capability inventory: Shell execution of Python scripts ('python ./examples/run_music_generation.py').
- Sanitization: No evidence of input validation or sanitization is provided in the skill documentation.
Audit Metadata