image-analysis
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill reads the 'bridge-config.json' file from the local filesystem to discover vision provider configurations and API keys.
- [EXTERNAL_DOWNLOADS]: The 'analyze_image' tool can fetch image data from arbitrary remote URLs provided by the user.
- [DATA_EXFILTRATION]: The skill can read files in the workspace via the 'image_path' parameter; without strict path validation, this could be used to expose sensitive project files.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8). (1) Ingestion points: 'image_url' and 'image_path' parameters allow untrusted data into the analysis pipeline. (2) Boundary markers: No delimiters or instructions are used to isolate image content from the analysis prompt. (3) Capability inventory: The skill possesses file read access and outbound network connectivity. (4) Sanitization: No explicit validation or escaping is performed on URLs or file paths before processing.
Audit Metadata