creating-illustrations

Warn

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute the pbcopy command on macOS to copy generated prompts to the system clipboard (SKILL.md, Step 7). While functional, this involves direct interaction with system-level utilities.
  • [COMMAND_EXECUTION]: The workflow includes a file-writing step where the output path output/illustration/{タイトル}.md is constructed using a user-provided title (SKILL.md, Step 9). This creates a risk of path traversal if the user provides a title containing relative path sequences like ../, potentially allowing files to be written outside the intended directory.
  • [PROMPT_INJECTION]: The skill presents a vulnerability surface for indirect prompt injection as it processes untrusted user input and interpolates it into prompts and file operations without sanitization.
    • Ingestion points: User input is collected via the AskUserQuestion tool for six different prompt elements (SKILL.md, Step 3).
    • Boundary markers: No boundary markers or 'ignore embedded instructions' warnings are used when inserting user input into the PROMPT_TEMPLATE.md.
    • Capability inventory: The skill has the capability to write to the local file system and execute the pbcopy command.
    • Sanitization: There is no evidence of sanitization, validation, or escaping of the input provided by the user before it is used in file paths or generated instructions.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 10, 2026, 05:46 PM