album-dashboard
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): Vulnerability surface identified where the skill ingests data from local album files. 1. Ingestion points: Reads content from README.md, RESEARCH.md, and SOURCES.md via the Read tool. 2. Boundary markers: Absent; no delimiters or warnings provided for external content. 3. Capability inventory: Uses Read, Glob, Grep, and MCP tools. No file-write, network, or command execution capabilities found. 4. Sanitization: Absent; content is processed directly for dashboard generation. Risk is considered safe as reading files is the primary intended purpose and no dangerous actions can be triggered.
Audit Metadata