skills/simhacker/moollm/image-mining/Gen Agent Trust Hub

image-mining

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill processes untrusted external data, which presents an attack surface for indirect prompt injection.
      1. Ingestion points: Data enters the agent context through mine.py and exif.py, which read EXIF headers from image files and content from YAML sidecars.
      2. Boundary markers: Absent. The PROTOCOL.md instructions do not provide specific delimiters or warnings telling the agent to ignore instructions embedded within the image metadata fields.
      3. Capability inventory: The skill can write metadata back to the filesystem via exif.py (EXIF_WRITE, EXIF_INJECT) and interface with external LLM APIs via mine.py.
      4. Sanitization: Absent. There is no documented logic for sanitizing or escaping the strings extracted from image files before they are interpreted by the agent.
  • External Downloads (SAFE): The skill relies on exiftool, a reputable and standard system utility for metadata manipulation. The suggested installation methods (brew, apt) and listed dependencies (pyyaml, pillow) are standard for this domain and do not represent a security risk when obtained from official sources.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:38 PM