facehash
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill recommends installing the `facehash` package via npm/yarn. Since `facehash` is not from a predefined trusted organization, it is considered an unverifiable dependency. However, this is the primary purpose of the skill, resulting in a downgrade to LOW.
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection through data processing.
  - Ingestion points: The `name` property of the `<Facehash />` component (SKILL.md).
  - Boundary markers: Absent; no delimiters or warnings for the agent to ignore instructions embedded in the `name` string are provided.
  - Capability inventory: Limited to UI rendering and React/Next.js component usage; no file-system, subprocess, or network capabilities are demonstrated in the snippets.
  - Sanitization: Absent; the usage examples do not show input validation or sanitization for the `name` string before it is processed by the library.
Audit Metadata