creative-image-generator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH PROMPT_INJECTION EXTERNAL_DOWNLOADS
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill follows a workflow that reads untrusted external data which can influence its behavior.
  - Ingestion points: The skill explicitly reads local files at `.claude/ads-agent/config/briefs/{account}.md` (Step 2).
  - Boundary markers: There are no delimiters or instructions provided to the agent to ignore any embedded commands or adversarial instructions within these brief files.
  - Capability inventory: The skill utilizes the `generate_creative_image` and `expand_to_stories` MCP tools, which result in file creation on the local system.
  - Sanitization: No validation or sanitization of the content from the brief files is performed before it is used to populate tool parameters.
- [Unverifiable Dependencies] (LOW): The skill requires the installation of the `google-generativeai` Python package. While this is a trusted package from a verified organization (Google), the request to install external code at runtime is noted. Per [TRUST-SCOPE-RULE], this is downgraded to LOW/INFO.
Recommendations
- AI detected serious security threats
Audit Metadata