heartmula

Warn

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches source code from an external repository (github.com/HeartMuLa/heartlib.git) and downloads model checkpoints from Hugging Face. While Hugging Face is a well-known service, the execution of downloaded code from a non-whitelisted repository is a security concern.
  • [REMOTE_CODE_EXECUTION]: Executes Python scripts that are downloaded from a remote repository. The instructions also require the agent to manually apply patches to the source code, which involves injecting arbitrary logic into the executable files.
  • [COMMAND_EXECUTION]: Runs multiple shell commands including 'git clone', 'uv pip install', and 'python' to set up the environment and run the music generation model.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes external, potentially untrusted data from 'lyrics.txt' and 'tags.txt' without specified sanitization.
  • Ingestion points: Lyrics and tags files specified via command-line arguments in 'SKILL.md'.
  • Boundary markers: None present in the instructions or command structures.
  • Capability inventory: Shell execution of Python scripts ('python ./examples/run_music_generation.py').
  • Sanitization: No evidence of input validation or sanitization is provided in the skill documentation.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 16, 2026, 01:45 PM
Security Audit — agent-trust-hub — heartmula