cardiology-visual-system
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE] (MEDIUM): scripts/gemini_infographic.py recursively searches parent directories for .env files to retrieve the GEMINI_API_KEY. This automated scanning of sensitive file paths is a risk factor for unintentional credential exposure. |
- [COMMAND_EXECUTION] (LOW): scripts/convert_slides.sh executes the marp CLI and shell utilities like awk. While input variables are quoted to mitigate shell injection, it represents an execution surface for local tools. |
- [EXTERNAL_DOWNLOADS] (LOW): The skill suggests installation of third-party dependencies (google-genai, marp-cli) and loads the Plotly library from a remote CDN in its demo outputs, though it includes subresource integrity. |
- [PROMPT_INJECTION] (LOW): Category 8: The infographic generation script interpolates user-controlled topics and prompts into templates without sanitization. Evidence: (1) Ingestion: --topic and --prompt arguments. (2) Boundaries: Absent. (3) Capabilities: Image generation via Gemini API. (4) Sanitization: None.
Audit Metadata