free-music-generator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow runs scripts that call the public Tunee API (scripts/list_models.py, scripts/generate.py, scripts/credits.py -> https://open.tunee.ai) and explicitly requires the agent to parse stdout (model lists, credits, and generation JSON including share URLs) to choose models and drive generation, so untrusted third‑party API responses can materially influence tool use and next actions.