image-generation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The skill includes instructions that attempt to limit the agent's visibility into its own environment, such as '[!NOTE] Do NOT read the python file' and 'You don't need to check the folder under /mnt/user-data'. These directives resemble obfuscation or bypass patterns designed to prevent security auditing of the skill's logic.
- Indirect Prompt Injection (LOW): The workflow uses the image_search tool to fetch external images, which are then processed by the generation script.
- Ingestion points: External image files and user-provided prompt data.
- Boundary markers: The skill uses JSON formatting for prompts but lacks explicit 'ignore embedded instructions' markers for data retrieved from the web.
- Capability inventory: The generate.py script performs file reads/writes and network POST requests to a Google API.
- Sanitization: The script uses PIL.Image.open and img.verify() to ensure image file integrity, but no text-based sanitization is performed on user inputs or on potential metadata from external images.
Audit Metadata