image-generation

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 0.80). Yes — the prompt includes explicit directives to "Do NOT read the python file" and "You don't need to check the folder under /mnt/user-data", which instruct the agent to avoid inspecting code or user data and thus hide potential behavior outside the advertised image-generation purpose.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs using the image_search tool to find and download arbitrary public image URLs (e.g., "image_search(query=...)" and "Download the returned image URLs to local files" such as /mnt/user-data/uploads/) which are then read/encoded by scripts/generate.py as reference images and incorporated into the generation workflow, exposing the agent to untrusted third-party content.