ai-vision
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE] (SAFE): No hardcoded credentials or sensitive file paths were detected. The skill correctly uses environment variables (ARK_API_KEY) and CLI flags for sensitive configuration.
- [EXTERNAL_DOWNLOADS] (SAFE): The project uses standard, reputable Node.js dependencies (commander, chalk, tsx). No suspicious remote script execution patterns (e.g., curl|bash) were found.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill is a surface for indirect prompt injection as it ingests untrusted visual data (screenshots) which are then processed by an LLM.
- Ingestion points: Screenshots provided via the --screenshot flag in scripts/ai_vision.ts.
- Boundary markers: Not explicitly defined in the provided documentation or config files.
- Capability inventory: Performs network requests to external multimodal API providers.
- Sanitization: Not verifiable as the primary script source code was not included in the analysis.
Audit Metadata