image-generation

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 0.80). Yes — the prompt includes explicit directives to "Do NOT read the python file" and "You don't need to check the folder under /mnt/user-data", which instruct the agent to avoid inspecting code or user data and thus hide potential behavior outside the advertised image-generation purpose.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly tells the agent to call the image_search tool and "download the returned image URLs to local files" (SKILL.md "Tips: Enhancing Generation with Reference Images"), meaning it fetches and ingests untrusted public images which the generator reads as reference inputs that can materially alter generation behavior.