photokit
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill provides external links to a non-official documentation mirror (sosumi.ai) rather than official developer documentation. This represents a potential surface for indirect prompt injection because an agent following these links could be exposed to untrusted content.
- Ingestion points: Multiple documentation links in 'references/av-playback.md' pointing to sosumi.ai.
- Boundary markers: Absent; the links are presented as authoritative resources without warnings.
- Capability inventory: The skill provides code for file system operations, network requests, and photo library access.
- Sanitization: None provided for the content of the external links.
Audit Metadata