Skills
NYC
skills/erichowens/some_claude_skills/photo-composition-critic/Gen Agent Trust Hub

photo-composition-critic

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • Indirect Prompt Injection (LOW): The skill processes user-supplied image files, creating a surface for indirect prompt injection.\n
  • Ingestion points: The image_path parameter in analyze_composition and compare_crops tools in references/analysis-scripts.md.\n
  • Boundary markers: Absent. There are no instructions to the agent to disregard potential instructions embedded in image data or metadata.\n
  • Capability inventory: The skill is allowed Bash, Read, Write, and Edit tools. The provided scripts write temporary files to /tmp.\n
  • Sanitization: Absent. The scripts use PIL.Image.open directly on the provided path without validation.\n- Command Execution (SAFE): The skill requires the Bash tool to execute Python scripts for image analysis. These scripts perform standard computational aesthetics tasks (e.g., centroid calculation, color harmony detection) and do not contain malicious code or shell injection vectors.\n- External Downloads (SAFE): The PhotoCritic class in references/analysis-scripts.md uses the clip library, which downloads pre-trained model weights from OpenAI. OpenAI is a trusted organization, and this download is a legitimate functional requirement for the skill's stated purpose.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:02 PM