ai-studio-image
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill ingests user-provided text to construct complex prompts for image generation, creating a surface for indirect prompt injection where a user might attempt to override the humanization logic.
  - Ingestion points: User input is accepted via the `--prompt` and `--custom` CLI arguments in `scripts/generate.py`.
  - Boundary markers: Absent. The `scripts/prompt_engine.py` script assembles the final prompt using string concatenation and paragraph joining without delimiters or instructions to ignore embedded commands.
  - Capability inventory: The skill uses the `google-genai` library to communicate with Google's cloud APIs and writes files to the local `data/outputs/` directory.
  - Sanitization: No input validation, escaping, or filtering is implemented before the user's text is interpolated into the prompt templates.
- [DATA_EXPOSURE]: Hardcoded local directory paths (e.g., `C:\Users\renat\skills\ai-studio-image\`) belonging to the author are present in the documentation and script defaults. This reveals the structure of the author's local workstation but does not present a direct risk to users who configure their own environment variables.
Audit Metadata