book-cover-design
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the infsh CLI tool to interact with image generation models. This is an expected and primary function of the skill.
- [EXTERNAL_DOWNLOADS]: Recommends the installation of auxiliary skills from the inference-sh/skills repository. These are verified vendor resources belonging to the skill's author.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface through user-provided book descriptions. 1. Ingestion points: User-defined book summaries are used to form image generation prompts. 2. Boundary markers: No explicit delimiters or ignore-previous-instructions warnings are present in the examples. 3. Capability inventory: The skill has bash command execution capabilities via the infsh tool. 4. Sanitization: No sanitization or escaping of user input is demonstrated in the provided documentation.
Audit Metadata