vgl
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill provides guidelines for structured data formatting without any autonomous execution of code or scripts.
- [DATA_EXFILTRATION]: The skill includes a documentation example of an API call to the vendor's own domain (bria-api.com) using an environment variable placeholder for authentication, which is considered a safe and standard implementation for its intended purpose.
- [INDIRECT_PROMPT_INJECTION]: The skill defines an ingestion surface for processing user instructions into structured JSON. However, it lacks capabilities for subprocess execution, file writes, or network operations beyond formatting the image description, maintaining a safe posture.
- Ingestion points: User text prompts and editing instructions in SKILL.md.
- Boundary markers: Absent.
- Capability inventory: None detected across scripts; the skill only outputs JSON.
- Sanitization: Output is constrained to a specific valid JSON schema.
Audit Metadata