collage-layout-expert
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [SAFE]: An extensive security audit of the skill's markdown files and code snippets revealed no malicious patterns, hardcoded secrets, or persistence mechanisms. The skill provides legitimate art-historical and mathematical references for creative tasks.\n- [EXTERNAL_DOWNLOADS]: The skill references several well-known and trusted Python packages for image processing, including
opencv-python,numpy,scipy,scikit-image,transformers,pot, andhnswlib. These are official, standard libraries in the data science ecosystem.\n- [PROMPT_INJECTION]: The skill exhibits a potential surface for indirect prompt injection as it utilizes tools likefirecrawl_searchandWebFetchto ingest data from external web sources.\n - Ingestion points: Data enters the context via Firecrawl and WebFetch tools used for researching design techniques.\n
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands were found in the provided files.\n
- Capability inventory: The skill is granted access to powerful tools including
Bash,Write, andEdit.\n - Sanitization: There is no evidence of input validation or content filtering for the data retrieved from external URLs.\n- [COMMAND_EXECUTION]: The skill has access to the
Bashtool and provides documentation for installing dependencies viapip. This tool use is consistent with the skill's advanced technical nature and does not involve any suspicious or unauthorized commands.
Audit Metadata