Art
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill contains an Indirect Prompt Injection surface where untrusted user input is interpolated directly into a shell command template.
  * Ingestion points: User-provided image descriptions (e.g., 'diagram showing the auth flow') are placed into the '[PROMPT]' placeholder.
  * Boundary markers: The placeholder is wrapped in double quotes in the bash command, which provides minimal protection but does not prevent shell breakout via backticks or command substitution.
  * Capability inventory: The skill has the capability to execute shell commands via the `bun run` command, which could be exploited to run arbitrary code.
  * Sanitization: There is no evidence of input sanitization or validation to filter shell metacharacters before the command is executed.
- [COMMAND_EXECUTION] (LOW): The skill performs local command execution of a TypeScript file (`Generate.ts`) using the Bun runtime. While this is the intended functionality of the skill, it relies on the integrity of the local script and the proper handling of environment variables found in `$PAI_DIR/.env`.
Audit Metadata