cover-image
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill's primary function involves ingesting untrusted data such as article titles and summaries to generate image prompts (see `references/workflow/prompt-template.md`).
  - Ingestion points: `Article title` and `Content summary` fields in the prompt template.
  - Boundary markers: Absent; untrusted content is interpolated directly after labels.
  - Capability inventory: The resulting prompts are used to call image generation APIs which can consume tokens or produce inappropriate content.
  - Sanitization: None detected. An attacker could provide a malicious title designed to override the visual instructions.
- [Data Exposure & Exfiltration] (LOW): The skill includes documentation and Python code (`references/workflow/qwen-api.md`) that performs network operations to `dashscope.aliyuncs.com`. While this is the intended functionality for the Qwen image generator, this domain is not on the trusted organization list. The code also utilizes the `DASHSCOPE_API_KEY` environment variable for authentication.
- [Dynamic Execution] (SAFE): The Python code provided for image synthesis and resizing (using `PIL`) uses standard, safe libraries and does not employ `eval()`, `exec()`, or other dangerous dynamic execution patterns.
Audit Metadata