visual-style
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Potential for Indirect Prompt Injection via external asset processing.
- Ingestion points: The skill ingests untrusted data from external sources through the extraction workflows defined in
references/extractors/from-website.md(URL analysis),references/extractors/from-pdf.md(PDF brand guide parsing), andreferences/extractors/from-video.md(video keyframe analysis). - Boundary markers: The extraction prompts lack explicit instructions or delimiters to isolate the source data from the analysis instructions, or to ignore any natural language commands hidden within the source documents.
- Capability inventory: The extracted content is used to populate the
style_prompt_fullfield. This field is subsequently passed as a high-priority instruction to the HeyGen Video Agent connector (references/connectors/heygen-video-agent.md) and other design automation connectors, creating a vector for instructions from the source material to influence agent behavior. - Sanitization: The skill does not implement sanitization, filtering, or validation of the extracted design parameters to prevent the inclusion of malicious or unexpected prompt sequences.
Audit Metadata