Skills
skills/phrazzld/claude-config/og-hero-image/Gen Agent Trust Hub

og-hero-image

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • PROMPT_INJECTION (HIGH): Vulnerable to Indirect Prompt Injection via untrusted local files.
  • Ingestion points: The skill reads brand-profile.yaml, .brand.yaml, tailwind.config.ts, and package.json from the current working directory.
  • Boundary markers: Absent. The content from these files is directly interpolated into the [BRAND], [COLORS], and [HEADLINE] fields of the image generation prompt.
  • Capability inventory: The skill can execute shell commands (cat, grep, jq), run external Python scripts (generate_image.py, multi_turn_chat.py), and write/modify project files (public/og-image.png, app/layout.tsx).
  • Sanitization: None. There is no escaping or validation of the data pulled from the configuration files before it is sent to the LLM.
  • COMMAND_EXECUTION (MEDIUM): The skill relies on executing scripts located at hardcoded paths in the home directory (~/.claude/skills/gemini-imagegen/scripts/). While common for tool ecosystems, combining this with unsanitized data ingestion increases the risk of the agent being tricked into executing commands with malicious arguments or performing unintended file writes.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 03:25 AM