cyberelements-image2article
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- PROMPT_INJECTION (MEDIUM): Potential for Indirect Prompt Injection via vision analysis.
- Ingestion points: The
[image|url]and[path_or_url]parameters in the/cyberelements-image2articlecommand defined in SKILL.md. - Boundary markers: Absent. The skill lacks instructions for the agent to ignore or isolate textual content found within images (e.g., text on screens, posters, or notes).
- Capability inventory: The skill utilizes
view_filefor local file access and URL fetching for remote assets, with the ability to generate up to 2000 words of output based on these inputs. - Sanitization: Absent. There is no filtering or verification of the content extracted from images before it is used to generate the final article.
- DATA_EXFILTRATION (LOW): Risk of Server-Side Request Forgery (SSRF).
- The skill's ability to fetch and analyze images from user-supplied URLs could be exploited to probe internal network services or metadata endpoints if the agent environment is not properly network-isolated.
Audit Metadata