huashu-image-upload
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script located at /Users/alchain/Documents/写作/tools/upload_image.py using python3 via shell commands. While this is a functional part of the skill, hardcoded absolute paths to a specific user directory create a dependency on local environment security.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection through the ingestion of external data.
  1. Ingestion points: The agent fetches URLs and metadata from external sources like Wikimedia Commons, Google Arts & Culture, and stock photo sites via WebFetch.
  2. Boundary markers: There are no delimiters or warnings to ignore instructions embedded in retrieved data.
  3. Capability inventory: The skill can execute local shell commands and read local file paths.
  4. Sanitization: No sanitization is performed on external URLs or descriptions before they are used as arguments in command execution.
Audit Metadata