visual-creator
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill communicates with ByteDance's Volcengine API (`ark.cn-beijing.volces.com`) to generate AI images. It then downloads the resulting image using standard HTTP requests. This is a well-known service and the behavior is essential for the skill's purpose.
- [CREDENTIALS_UNSAFE]: The skill requires a `DOUBAO_API_KEY` to function. It implements a secure retrieval pattern by checking environment variables and configuration files, avoiding hardcoded secrets by using explicit placeholders.
- [COMMAND_EXECUTION]: The skill performs local file system operations, including creating output directories and saving/copying image files. It includes a `sanitize_filename` function that removes special characters and restricts length, effectively mitigating directory traversal and filename injection risks.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because user-provided content (titles and subtitles) is interpolated into the prompts sent to the external image generation service. However, since the output is a static image and the skill uses specific templates for layout, the risk of agent takeover is negligible.
- [SAFE]: The skill uses `yaml.safe_load` for parsing template configurations, preventing arbitrary code execution during template processing. It also limits directory traversal when searching for project folders by implementing a maximum search depth.