creating-profile-images
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill incorporates untrusted user input into generated prompts and local files, creating a minor injection surface. 1. Ingestion points: User-provided motifs, colors, and atmospheres collected in the SKILL.md workflow. 2. Boundary markers: Absent; PROMPT_TEMPLATE.md uses direct interpolation without delimiters or instructions to ignore embedded commands. 3. Capability inventory: File system write access to the 'output/profile-sns/' directory for prompts and images. 4. Sanitization: No input validation or filtering is performed on user inputs.
- [REMOTE_CODE_EXECUTION] (SAFE): No package installations or remote script executions were detected.
- [DATA_EXFILTRATION] (SAFE): The skill does not access sensitive local files or perform network operations.
- [PROMPT_INJECTION] (SAFE): No evidence of direct system prompt override attempts or safety filter bypass instructions was found.
Audit Metadata