doc-smith-images

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches Node.js dependencies from the public NPM registry and downloads generated image files from remote URLs using curl. These operations target trusted or vendor-specific infrastructure.
  • [COMMAND_EXECUTION]: Utilizes system commands such as node, npm, curl, and jq, along with the vendor-provided afs CLI tool. These are necessary for managing the skill's environment and executing its core automation logic.
  • [PROMPT_INJECTION]: Identified an indirect prompt injection surface where external document content is incorporated into AI generation prompts.
      • Ingestion points: scripts/generate.mjs and scripts/prompts/user.md (via the documentContent variable).
      • Boundary markers: Employs Markdown headers as delimiters within the prompt templates.
      • Capability inventory: The skill can write files to the local system and perform network downloads via curl.
      • Sanitization: No explicit sanitization or filtering of input content is performed before interpolation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 2, 2026, 02:00 PM