photographer-lachapelle
Warn
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill provides a Bash command to execute a script ('scripts/fal_generate.py') that is not included in the provided file set, leading to the execution of unverified code.
- DATA_EXPOSURE (MEDIUM): The contents of several files consist of directory traversal paths ('../../../'), suggesting the skill attempts to interact with the host filesystem outside its designated directory. This could be exploited to read sensitive files if permissions are not restricted.
- CREDENTIALS_UNSAFE (LOW): The documentation instructs users to store sensitive API keys in a 'credentials.json' file or environment variables, which can lead to credential exposure if the agent or environment is compromised.
- PROMPT_INJECTION (LOW): The skill interpolates user-provided text directly into image generation prompts without sanitization or boundary markers, creating a surface for indirect prompt injection via tools that ingest untrusted data.
Audit Metadata