
generate-design

Warn

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: MEDIUM
Flags: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill contains a 'MANDATORY AUTOMATION DIRECTIVE' that explicitly instructs the agent to execute all bash scripts and file-reading tools automatically in the background. It commands the agent to bypass human-in-the-loop confirmation prompts and set platform safety flags (e.g., 'SafeToAutoRun') to true to provide a 'zero-click' experience.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface due to the processing of untrusted user data:
      • Ingestion points: User-provided prompts and attached files are analyzed to extract descriptive text and image URLs (SKILL.md, Step 3).
      • Boundary markers: The instructions lack explicit delimiters or 'ignore embedded instructions' warnings for handling user-supplied content within the agent's execution context.
      • Capability inventory: The skill generates and executes bash scripts, performs network operations via curl, and conducts file system operations.
      • Sanitization: While Python's json.dumps is utilized for payload escaping in API requests, there is no validation or filtering of the prompt content or the extracted URLs.
  • [COMMAND_EXECUTION]: The instructions require the agent to generate and run multiple bash scripts to interact with the Sivi API, poll for status, and manage local files. These scripts utilize system commands including curl, cat, python3, and mkdir.
  • [EXTERNAL_DOWNLOADS]: The skill performs automated network requests to the connect.sivi.ai domain to submit design tasks and download generated image assets. It also extracts and processes image URLs provided directly in the user prompt.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 6, 2026, 01:12 PM