image-gen

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [Prompt Injection] (HIGH): The 'LIBRARY-FIRST PROTOCOL' mandates that the agent ingest code patterns from 'D:\Projects*' and 'EXTRACT' or 'ADAPT' them. This creates a high-risk surface for indirect prompt injection where untrusted files can control agent behavior. Evidence: (1) Ingestion points: 'D:\Projects*', '.claude/library/catalog.json'; (2) Boundary markers: Absent; (3) Capability inventory: Bash, Write, Glob, Grep, Read; (4) Sanitization: Absent.
  • [Command Execution] (LOW): The skill uses the 'Bash' tool to run setup scripts and CLI commands. While a core feature, this is the primary vector for executing injected commands.
  • [External Downloads] (LOW): The local setup command triggers a ~7GB model download from unverified remote sources at runtime.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 12:24 PM