Skills
skills/jubscodes/get-shit-pretty/art/Gen Agent Trust Hub

art

Warn

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill process involves spawning a sub-agent to draft art and then executing that code via node -e in the terminal. This creates a direct path for arbitrary code execution on the host machine using the Bash tool.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted user input to define the art's subject and mood, which is then used by a sub-agent to generate executable code.
  • Ingestion points: User vision/intent input gathered in Step 1 (SKILL.md).
  • Boundary markers: None identified; user input is passed directly to the art generation process.
  • Capability inventory: The skill uses the Bash tool to run node -e and the Agent tool to spawn sub-agents across all scripts (SKILL.md).
  • Sanitization: No evidence of input validation, escaping, or sandboxing for the generated JavaScript code.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 23, 2026, 07:13 PM