beaver-xhs-images
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a complex workflow tool that manages content transformation and image generation. No malicious patterns were identified during the audit.
- [COMMAND_EXECUTION]: Employs safe, read-only shell commands (test -f) to detect the presence of preference files (EXTEND.md) in local and home directories. This behavior is restricted to session initialization and does not involve elevated privileges or unsafe parameters.
- [PROMPT_INJECTION]: The skill defines a surface for indirect prompt injection as it ingests and processes untrusted user content to build prompts for other AI models.
  - Ingestion points: User-provided text or markdown files in Step 1.
  - Boundary markers: Input data is encapsulated within a defined Content block in the final prompt template.
  - Capability inventory: File system access (restricted to specific subdirectories), shell command execution (limited to file existence checks), and downstream tool invocation.
  - Sanitization: Content is utilized as provided without specific escaping, which is common in prompting workflows.
Audit Metadata