NYC

photo-content-recognition-curation-expert

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The file 'references/photo-indexing.md' uses 'pickle.load()' in the 'load_cache' function. Deserializing data with 'pickle' is unsafe and can be used to execute arbitrary code if the cache file is replaced with a malicious one.
  • PROMPT_INJECTION (LOW): The skill processes external image files and extracts text via OCR using 'pytesseract' in 'references/content-detection.md'. Evidence chain: (1) ingestion points: 'photo_paths' in 'QuickPhotoIndexer'; (2) boundary markers: absent; (3) capability inventory: file-read and OCR capabilities; (4) sanitization: absent. This creates a surface for indirect prompt injection if extracted text is passed to an LLM.
  • EXTERNAL_DOWNLOADS (LOW): The skill requires several machine learning libraries listed in 'CHANGELOG.md'. While many are from trusted sources like Hugging Face and PyTorch, the use of unversioned dependencies presents a minor supply chain risk.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 05:46 PM