fanpage-article-writer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is highly vulnerable because it ingests untrusted data from WebSearch and PubMed (Step 1) and uses it to influence the execution of a local script (generate_image.py). Evidence: 1. Ingestion: WebSearch and PubMed search results in SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: Uses shell execution to run a local python script with arguments derived from search vibes. 4. Sanitization: Absent.
- Command Execution (HIGH): The agent is instructed to run a local Python script with arguments constructed from processed external text, which provides a direct path for command injection if the agent does not properly escape generated prompts.
- Metadata Poisoning (MEDIUM): Documentation contains sensitive administrative info (account emails and API expiry dates) and references non-existent model versions (Gemini 2.5), which may lead to unpredictable behavior.
- External Downloads (LOW): Depends on google-genai and pillow. While these are from a trusted organization (Google), they represent an external dependency. [TRUST-SCOPE-RULE] applied.
Recommendations
- AI detected serious security threats
Audit Metadata