vision-multimodal
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill has a high-severity vulnerability surface because it ingests untrusted data from external sources and possesses extensive system capabilities.
- Ingestion points: Processes local images and PDFs, as well as remote content via URL fetching (SKILL.md).
- Boundary markers: Absent. The code samples demonstrate direct interpolation of data into the model context without delimiters or safety framing.
- Capability inventory: Includes Bash, Read, Write, Edit, Glob, Grep, Task, and WebFetch.
- Sanitization: No evidence of sanitization or content filtering for OCR text or visual data.
- [Command Execution] (MEDIUM): The skill explicitly allows the Bash tool. While standard for some tasks, its presence significantly escalates the risk of RCE if the agent is manipulated by instructions embedded in a processed image or document.
Recommendations
- AI detected serious security threats
Audit Metadata