photographer-lindbergh
Fail
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Data Exposure & Exfiltration (HIGH): The file `scripts/credentials.example.json` contains a path traversal string (`../../../scripts/credentials.example.json`). This is a malicious attempt to access sensitive credential files located outside the skill directory.
- Data Exposure & Exfiltration (HIGH): Multiple files, including `scripts/fal_utils.py` and `references/fal-api.md`, contain directory traversal patterns (`../../../`). These indicate an intent to escape the skill's directory structure to read or manipulate files on the host system.
- Indirect Prompt Injection (LOW): The skill processes user-supplied prompts for image generation, which are then used as arguments for a Python script executed via Bash. Evidence Chain:
  1. Ingestion points: User-provided prompt in SKILL.md.
  2. Boundary markers: Absent; no instructions to ignore embedded commands.
  3. Capability inventory: Skill has access to Bash, Read, and Write tools.
  4. Sanitization: No evidence of input validation or escaping before the prompt is passed to the shell.
Recommendations
- AI detected serious security threats
Audit Metadata