article-figure-spot
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- DATA_EXFILTRATION (MEDIUM): The skill is instructed to load credentials from .env files in both the current working directory and the skill's directory. Accessing sensitive files containing API keys is a high-risk activity, though it is tied to the skill's primary function of calling the OpenAI API.
- COMMAND_EXECUTION (LOW): The skill relies on executing a local Node.js script (scripts/generate-image.mjs) to perform image generation. This is an intended capability but grants the agent command execution power over the local environment.
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection because it processes untrusted article content to generate downstream prompts and filenames.
  - Ingestion points: Article content loaded from file paths or pasted text in SKILL.md (Step 1).
  - Boundary markers: Absent; there are no specific instructions to delimit or ignore instructions within the source text.
  - Capability inventory: Execution of a Node.js script and file system write operations across all provided files.
  - Sanitization: Absent; the skill does not specify any validation or sanitization of the article content before using it to generate prompts or filenames.
Audit Metadata