ai-multimodal
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
- Dynamic Execution (MEDIUM): The script scripts/check_setup.py dynamically loads a module from the user's home directory (~/.claude/scripts/resolve_env.py) by modifying sys.path. This pattern of dynamic loading from computed paths is a security risk if the file or path is compromised.
- Indirect Prompt Injection (LOW): The skill processes untrusted media files (images, audio, video, PDFs) which can contain embedded instructions designed to manipulate the AI model's output.
  - Ingestion points: Files processed via gemini_batch_process.py and document_converter.py.
  - Boundary markers: Absent; the documentation does not mention delimiters or instructions to ignore embedded content.
  - Capability inventory: Includes file writing, reading, and bash command execution tools.
  - Sanitization: Not present; the skill treats media content as raw input for the Gemini models.
- Data Exposure & Exfiltration (LOW): scripts/check_setup.py displays a partial API key (24 characters). While used for verification, this exposes a significant portion of the secret in logs.
Audit Metadata