brand-assets

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection.
      1. Ingestion points: The skill reads from local sources including 'git log' output, blog post drafts, and 'product-hunt-kit.md' as specified in 'SKILL.md'.
      2. Boundary markers: No delimiters or 'ignore embedded instructions' warnings are present to isolate the content of these external files.
      3. Capability inventory: The skill executes shell commands via 'node' to render images using the 'cli.js' tool.
      4. Sanitization: No escaping, validation, or filtering is defined for the content interpolated into command-line arguments such as '--title' and '--author'.
  • [COMMAND_EXECUTION]: The skill invokes a local Node.js CLI tool at '~/Development/brand-kit/dist/src/cli.js'. There is a risk of command injection because parameters derived from untrusted local files are passed directly to the shell without sanitization, potentially allowing an attacker who can modify those files to execute arbitrary commands.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 02:26 PM