character-reference-sheet
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (SAFE): The skill ingests untrusted data from web searches and user images. 1. Ingestion points: Web search results and image analysis in SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory:
search_weband image generation tools. 4. Sanitization: Absent. The risk is considered SAFE as the skill lacks high-privilege capabilities like shell access or file system modification. - [Prompt Injection] (SAFE): No instructions to override system behavior or bypass safety filters were detected.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file paths, or unauthorized network operations were found.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill does not download external scripts or packages and does not use dynamic code execution.
Audit Metadata