image-to-diagram
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes untrusted image data (screenshots, photos), which serves as an ingestion point for potentially malicious instructions embedded in the visual content.
  - Ingestion points: Image analysis via vision model (SKILL.md).
  - Boundary markers: Absent; the skill gives the agent no instructions to ignore or delimit text-based instructions found within the images.
  - Capability inventory: File system write access to ~/Desktop/ for saving diagrams, and tool execution via the /reflex:ingest command.
  - Sanitization: None specified; the agent is instructed to generate code directly from the image content.