article-illustration-generator

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE)
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to indirect prompt injection. It ingests untrusted user article text to derive image generation prompts without any sanitization or boundary markers.
      • Ingestion Point: Article text read in Step 2 of the workflow.
      • Boundary Markers: None. The text is processed directly for context.
      • Capability Inventory: Command execution via Bash and Python script execution.
      • Sanitization: None detected. Malicious instructions within an article could hijack the agent's logic or the image generation parameters.
  • [COMMAND_EXECUTION] (HIGH): The skill requires the execution of scripts/article_to_html.py, which is referenced in the workflow but not included in the provided files. This represents unverifiable code execution that could perform unauthorized file or network operations.
  • [CREDENTIALS_UNSAFE] (MEDIUM): The usage guide instructs the agent to pass the GOOGLE_API_KEY as a plaintext command-line argument to the Python script. This is an insecure practice as it can expose the key in system process lists or shell history files.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 07:18 AM