cover-image
Warn
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a shell command to execute a local Python script:
uv run ~/.claude/skills/_generate_image.py "<approved prompt>". This pattern is vulnerable to command injection if the variable, which is derived from user input, contains shell metacharacters like backticks or semicolons.\n- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes untrusted user articles into command arguments.\n - Ingestion points: Articles provided by the user in the first step of the workflow.\n
- Boundary markers: None present to delimit untrusted article content from the prompt generation logic.\n
- Capability inventory: Uses the Bash tool to execute subprocesses via
uv.\n - Sanitization: No automated sanitization of the generated prompt is described; it relies on manual user approval which may not catch technical injection attacks or obfuscated shell commands.
Audit Metadata