line-sticker-creator
Warn
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `find` command to dynamically locate dependency scripts in the user's plugin cache directory.
- [COMMAND_EXECUTION]: It executes local Python scripts using `uv run` with dynamically computed file paths, which could be exploited if the plugin directory is compromised.
- [PROMPT_INJECTION]: User-provided character descriptions and themes are interpolated into image generation prompts without sanitization or boundary markers, creating a surface for indirect prompt injection.
Audit Metadata