avatar-portrait
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected in the provided skill files.
- [PROMPT_INJECTION]: The skill uses clear instructional boundaries and prompt templates. No attempts to bypass safety guidelines, extract system prompts, or override agent behavior were found.
- [DATA_EXFILTRATION]: The skill references local file paths for input photos and output images. No network operations (e.g., curl, fetch) or hardcoded credentials were identified.
- [REMOTE_CODE_EXECUTION]: There are no commands for downloading external scripts or installing third-party packages. The skill relies on internal image generation capabilities.
- [INDIRECT_PROMPT_INJECTION]:
  - Ingestion points: User-provided style and appearance descriptions are used to fill the prompt templates.
  - Boundary markers: The templates use clear Markdown headers (e.g., `## STYLE REQUIREMENTS`) to separate instructions from user-provided data.
  - Capability inventory: The skill triggers image generation and file system writes for the output images.
  - Sanitization: The skill instructions recommend human review of the generated output. The impact of untrusted data is confined to the visual content of the generated image.
Audit Metadata