dissect-brand
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill constructs and executes shell commands (`mkdir`, `curl`, `sips`, `cp`) using variables derived from user-provided arguments and content fetched from external websites (e.g., `{output-dir}`, `{company-slug}`, `IMAGE_URL`). This pattern creates a surface for command injection if these variables are not properly sanitized by the underlying execution environment.
- [EXTERNAL_DOWNLOADS]: The skill uses `curl` to download image assets from arbitrary URLs discovered on external websites. While this is central to the skill's functionality, it involves fetching content from untrusted remote sources.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from the web (via `WebFetch`) to locate image assets and metadata. An attacker-controlled website could include malicious instructions in meta tags or page content designed to influence the agent's subsequent actions.
  - Ingestion points: External websites are loaded and parsed in Step 2 of `SKILL.md` to extract image URLs and metadata.
  - Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the processed web data.
  - Capability inventory: The skill has access to shell execution (`curl`, `sips`, `mkdir`, `cp`) and file system operations.
  - Sanitization: The workflow does not specify any validation or sanitization of the URLs or strings extracted from websites before they are passed to shell commands.
Audit Metadata