segment-image
Warn
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/segment.ts` utilizes dynamic module loading with computed paths. It resolves the `PLUGIN_ROOT` by checking the `GEMSKILLS_ROOT` environment variable and reading the user's plugin configuration file at `~/.claude/plugins/installed_plugins.json`. This mechanism allows for the execution of code located at paths determined at runtime.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection.
  1. Ingestion points: The skill accepts an image path and a user-provided prompt string via the `--prompt` flag in `scripts/segment.ts`.
  2. Boundary markers: No explicit delimiters or instructions to ignore embedded content are used when passing data to the vision model.
  3. Capability inventory: The script has the capability to create directories and write files to the local filesystem using `mkdir` and `writeFile` in `scripts/segment.ts`.
  4. Sanitization: The script performs regex-based sanitization on output filenames to remove non-alphanumeric characters, but does not sanitize the prompt or image data itself.
Audit Metadata