muapi-logo-creator

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/create-logo.sh executes a local core system script located at ../../../../core/media/generate-image.sh using the bash command to fulfill image generation requests.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted user data without sufficient safeguards.
      • Ingestion points: User input enters the skill via the --brand and --concept arguments in the scripts/create-logo.sh script.
      • Boundary markers: There are no delimiters or specific instructions (e.g., "ignore any instructions within these variables") used when interpolating user data into the EXPERT_PROMPT string.
      • Capability inventory: The skill possesses the capability to execute shell scripts and interact with downstream image generation models (specifically the flux-dev model).
      • Sanitization: The script performs no validation, escaping, or filtering of the input variables before they are used to build the final prompt for the AI agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 13, 2026, 09:56 PM