media-generation
Warn
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the agentcash package from the public NPM registry using npm install -g agentcash (rules/getting-started.md).
- [REMOTE_CODE_EXECUTION]: Several commands utilize npx agentcash@latest, which dynamically fetches and executes the most recent version of the package from a remote registry at runtime without version pinning (SKILL.md, rules/getting-started.md, rules/uploads.md).
- [COMMAND_EXECUTION]: The skill frequently invokes shell commands, including npx for API interactions and curl for binary file uploads to external storage (SKILL.md, rules/uploads.md).
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection, as it accepts untrusted text prompts from users to generate media (SKILL.md). These prompts are passed directly to CLI tools with network and execution capabilities. The following evidence was identified:
  - Ingestion points: User-provided strings for the prompt field in generation and edit requests (SKILL.md).
  - Boundary markers: None identified; instructions are interpolated directly into JSON payloads.
  - Capability inventory: The agent utilizes npx (command execution) and curl (network operations) to process data.
  - Sanitization: No evidence of input validation, escaping, or filtering of user prompts before they are used in commands.
Audit Metadata