hyva-render-media-image
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): The skill contains clear, task-oriented instructions without any attempts to bypass safety filters or override agent behavior.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, API keys, or sensitive file paths (like SSH keys or AWS configs) are present. It focuses on public media assets within the
pub/media/directory of a Magento installation. - [Remote Code Execution] (SAFE): The skill provides documentation and snippets for PHP code generation but does not attempt to download or execute remote scripts or binary files.
- [Indirect Prompt Injection] (LOW): The skill accepts user input (image paths, alt text) to populate code templates. While there is a potential for a user to provide malicious strings for attributes like
alt, this is a standard risk for code-generation agents and the generated output is intended for developer review within a PHP template environment. - [Obfuscation] (SAFE): No hidden characters, Base64 encoding, or homoglyphs were detected in the instructions or reference files.
Audit Metadata