photo-collage-maker
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No malicious instructions or role-play markers detected.
- [Data Exposure & Exfiltration] (SAFE): No sensitive file access or network exfiltration patterns found.
- [Unverifiable Dependencies] (SAFE): Uses trusted packages (Pillow, NumPy) from standard repositories.
- [Indirect Prompt Injection] (LOW): Skill ingests untrusted image data and text strings. Evidence: 1. Ingestion: add_images, add_text (SKILL.md); 2. Boundary markers: None; 3. Capability: Image processing via Pillow; 4. Sanitization: Implicit via library-level image decoding. Finding downgraded to SAFE as this is the primary functionality of the skill.
Audit Metadata