logo-creator
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The scripts 'scripts/remove_bg.py' and 'scripts/vectorize.py' use 'grep' via 'subprocess.run' to access and read the user's sensitive shell configuration file (~/.zshrc) to extract API keys.
- [COMMAND_EXECUTION] (MEDIUM): The workflow in 'SKILL.md' instructs the agent to interpolate user-provided strings (brand name, style) directly into shell command lines, which is highly vulnerable to command injection if the user provides input containing shell metacharacters.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill makes network requests to 'api.remove.bg' and 'api.recraft.ai' to process image data; these are non-whitelisted external domains.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection as it processes untrusted user data without sanitization.
  - Ingestion points: User inputs for style, brand, and description in SKILL.md used to form prompts.
  - Boundary markers: Absent.
  - Capability inventory: Shell command execution and subprocess calls in Python scripts.
  - Sanitization: None detected.
Recommendations
- AI detected serious security threats
Audit Metadata