ai-multimodal
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- Dynamic Execution (MEDIUM): In scripts/check_setup.py, the code modifies the Python search path (sys.path) to include a directory in the user's home folder (~/.claude/scripts) and attempts to import a module (resolve_env) from that location. Dynamic loading from computed paths outside the skill package is a security concern as it executes code from an unverified location.
- Indirect Prompt Injection (LOW): The skill is designed to process and analyze untrusted external media including images, PDFs, audio, and video. This creates a surface for indirect prompt injection where an attacker could embed instructions within media content to influence agent behavior.
  - Ingestion points: Media files processed via scripts/gemini_batch_process.py and scripts/document_converter.py (referenced in documentation).
  - Boundary markers: None explicitly defined in the provided setup scripts or reference documentation.
  - Capability inventory: The skill has access to Bash, Read, Write, and Edit tools.
  - Sanitization: No evidence of input sanitization for media content before it is passed to the Gemini API.
Audit Metadata