skills/krishagel/geoffrey/image-gen

image-gen

Warn

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill is designed to retrieve sensitive information, such as API keys, from specific local paths outside the skill's own directory.
      • Evidence: SKILL.md instructs the environment setup to source secrets from ~/Library/Mobile Documents/com~apple~CloudDocs/Geoffrey/secrets/.env.
      • Evidence: All scripts (generate.py, edit.py, compose.py) attempt to load a secrets.py module from a path four levels above the script directory (../../../../scripts/secrets.py).
  • [COMMAND_EXECUTION]: The generate.py script uses dynamic Python module loading to execute logic from computed filesystem paths.
      • Evidence: The script uses importlib.util.spec_from_file_location to dynamically load both the global secrets module and brand-specific scripts (brand.py) selected by the --brand argument.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection, where malicious instructions could be hidden within images processed by the vision model.
      • Ingestion points: scripts/edit.py ingests an input image, and scripts/compose.py ingests up to 14 reference images via the --refs flag.
      • Boundary markers: Absent. The instructions include no delimiters and no explicit warning telling the model to ignore instructions embedded in the image data.
      • Capability inventory: The skill is granted Bash, Read, and Write permissions. The Python scripts perform filesystem operations (read/write) and network requests to the Gemini API.
      • Sanitization: Absent. There is no pre-processing or validation of image content to detect or neutralize embedded text instructions before the images are passed to the Gemini model.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 26, 2026, 08:54 PM