seo-image-gen
Warn
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the user or agent to execute an installation script (
./extensions/banana/install.sh) and several Python scripts located in the skill's subdirectory (~/.claude/skills/seo-image-gen/scripts/presets.py,cost_tracker.py,generate.py). These scripts handle core logic such as brand presets and usage logging. - [REMOTE_CODE_EXECUTION]: The skill makes extensive use of the
Bashtool to perform system-level operations, including image conversion using themagick(ImageMagick) utility and running Python-based logic scripts. - [EXTERNAL_DOWNLOADS]: The skill requires an external extension named 'banana'. While the installation command targets a local path, it represents a dependency on external code that is not part of the standard environment or a verified package registry.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection (Category 8). It allows the
WebFetchtool, which could be used to ingest untrusted data from URLs. This data could then be interpolated into the 'Reasoning Brief' constructed for the image generation tool. - Ingestion points: Data fetched via the
WebFetchtool or provided in the<description>argument. - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used when constructing the generation brief.
- Capability inventory: Access to
Bash,Write,WebFetch, and thegemini_generate_imagetool. - Sanitization: No evidence of sanitization or validation of the input description or fetched content before it is included in the prompt generation pipeline.
Audit Metadata