image-analysis
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The `analyze_image` tool accepts an `image_url` parameter which is fetched by the system. This functionality creates a surface for Server-Side Request Forgery (SSRF), as an attacker could potentially provide URLs targeting internal network resources if the underlying vision service does not implement strict URL validation.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of external content.
  - Ingestion points: Untrusted data enters the agent context via the `image_url` (external remote content) and `image_path` (workspace file content) parameters handled in `handler.ts`.
  - Boundary markers: There are no explicit markers or instructions to the LLM to ignore or isolate instructions that may be visually embedded or OCR-readable within the images being analyzed.
  - Capability inventory: The handler uses the `VisionService` to perform image analysis. The resulting analysis is returned to the agent, where it could potentially influence subsequent tool calls or reasoning steps if the image contains adversarial instructions.
  - Sanitization: No explicit sanitization of the user-provided prompt or the fetched image data is present in the handler logic.
Audit Metadata