AI Character Reference Generation
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by interpolating untrusted data (character descriptions and scenario details) directly into the image generation prompt template.
  - Ingestion points: Variables such as CHARACTER_DESC, scenario.attire, scenario.scenario, scenario.pose, scenario.environment, scenario.lighting, and scenario.mood within the PROMPT_TEMPLATE in SKILL.md.
  - Boundary markers: Absent. The template string concatenates variables without delimiters or explicit instructions to treat them as data rather than instructions.
  - Capability inventory: The skill utilizes the replicate.run method across multiple scripts and templates to call external image generation models (Flux 1.1 Pro, nano-banana-pro, Ideogram v2).
  - Sanitization: Absent. There is no evidence of input validation, filtering, or escaping for the user-controlled strings before they are incorporated into the final API prompt.
Audit Metadata