image-search
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a bundled Python script using
uv run. The documentation includes command templates that interpolate user-provided arguments, which requires the executing agent to handle sanitization to prevent shell injection. - [EXTERNAL_DOWNLOADS]: Fetches image data and files from several well-known services (SerpAPI, Unsplash, Pexels, Logo.dev) and processes user-provided URLs for direct download.
- [DATA_EXFILTRATION]: Includes instructions for the agent to read the user's Fish shell configuration file (
~/.config/fish/fish_variables) to retrieve API keys, which constitutes access to a sensitive configuration path in the user's home directory. - [PROMPT_INJECTION]: The skill processes untrusted search queries and captions that are subsequently used to generate Typst code output, presenting a surface for indirect prompt injection if the resulting documents are processed by other automated systems.
Audit Metadata