core-resources
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Command Execution] (LOW): The skill's core functionality relies on the execution of a local Python script `scripts/generate_images.py` to automate image generation. While the script is part of the skill's intended purpose, local script execution requires trust in the skill's source.
- [Indirect Prompt Injection] (LOW): The `scripts/generate_images.py` script reads markdown files from a user-specified directory and sends their content to an external AI model. This creates a vulnerability surface where malicious instructions embedded in those markdown files could influence the model's behavior. Evidence Chain:
  1. Ingestion points: Reads files from the directory passed to `--prompts-dir`.
  2. Boundary markers: None; the script extracts raw text from markdown files and passes it to the API.
  3. Capability inventory: The script has file-write permissions to save images and network access to call the Gemini API.
  4. Sanitization: Absent; the content is only stripped of specific headers but otherwise remains unvalidated.
- [Credentials Unsafe] (SAFE): The script correctly uses `os.environ.get('GEMINI_API_KEY')` to retrieve sensitive credentials, avoiding hardcoded secrets within the codebase.
Audit Metadata