card-news-generator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes untrusted user-provided topics and text to generate images, creating a surface for indirect prompt injection.
  - Ingestion points: `auto_generator.py` (reads from `sys.stdin`) and `interactive_generator.py` (reads from `input()`).
  - Boundary markers: Absent; user content is interpolated directly into the image generation logic without delimiters or safety instructions.
  - Capability inventory: File system write operations (generating PNG images) in the `/mnt/user-data/outputs` directory.
  - Sanitization: No evidence of input escaping or validation for the text rendered into images.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill relies on the 'Pillow' library for image processing. Installation instructions use the standard `pip install` method. No remote scripts are downloaded or executed.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file access (e.g., SSH keys), or network-based exfiltration patterns were detected in the analyzed scripts.
- Privilege Escalation (SAFE): While the documentation mentions `sudo apt-get` for font installation, the scripts themselves do not attempt to escalate privileges or perform unauthorized system modifications.
- Command Execution (SAFE): No use of `eval()`, `exec()`, or dangerous `subprocess` calls with untrusted input was identified. File system operations are limited to creating the output directory and saving images.
Audit Metadata