photo-learning
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: LOWPROMPT_INJECTION
Full Analysis
- [Prompt Injection] (LOW): The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted image data through a vision model.
- Ingestion points: The
analyze_imagetool takes external image files as input via the image path provided by the user. - Boundary markers: There are no explicit delimiters or instructions provided to the vision model to disregard or treat with caution any text discovered within the image.
- Capability inventory: The skill is restricted to
analyze_imageandttstools. It does not have access to the file system (beyond reading the target image), network operations, or shell execution, which significantly limits the potential impact of a successful injection. - Sanitization: The output from the image analysis is used directly as the narration script for the
ttstool without a secondary safety filtering or validation step to check for inappropriate content generated by the vision model.
Audit Metadata