visual-content
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The technical implementation dynamically modifies the Python search path (
sys.path) to load aniconsmodule. The path is derived from theBRAND_CONTENT_DESIGN_DIRenvironment variable or hardcoded fallback paths (e.g.,~/.claude/plugins/marketplaces/camoa-skills/). Dynamic loading from computed paths is a security risk as it allows the execution of code from directories determined at runtime. - [EXTERNAL_DOWNLOADS]: The skill utilizes
cairosvg.svg2png, which accepts a URL as an input parameter. This allows the skill to fetch and process remote SVG resources from the internet during the visual content generation process, potentially exposing the system to untrusted external data. - [PROMPT_INJECTION]: The skill processes untrusted data from multiple external files, creating a surface for indirect prompt injection.
- Ingestion points: Data is read from
canvas-philosophy.md,style-constraints.md,brand-philosophy.md, andcontent-outlineas specified inSKILL.md. - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used when processing these files.
- Capability inventory: The skill has the capability to generate PDF and PPTX files and execute image conversion logic as seen in
references/technical-implementation.md. - Sanitization: No sanitization or validation of the text content extracted from the input files is performed before it is processed for rendering.
Audit Metadata