visual-explainer
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its document processing and web fetching capabilities.
  - Ingestion points: The tool ingests content from local files (Markdown, PDF, DOCX) and fetches data from arbitrary remote URLs provided by the user.
  - Boundary markers: There are no explicit delimiters or system instructions defined to isolate the ingested content or to warn the model to ignore embedded instructions within the source material.
  - Capability inventory: The skill utilizes Bash for system commands, Write for file creation, and WebFetch for network requests, providing a significant surface for an injection-led attack.
  - Sanitization: No evidence of content-level sanitization or filtering is provided for the ingested text before it is processed by the Gemini and Claude models.
- [COMMAND_EXECUTION]: The skill executes shell commands to install required Python libraries and to run the local visual_explainer module with various user-controlled parameters.
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to download and install several third-party Python dependencies (google-genai, anthropic, httpx, etc.) and performs network operations to fetch external content from user-supplied URLs.
Audit Metadata