movie-poster-graphics
Warn
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends using 'npx minibanana', which triggers the download and execution of a package from the npm registry that is not on the trusted vendor list.
- [COMMAND_EXECUTION]: The documentation provides explicit shell command examples (e.g., 'npx minibanana --model ...') intended for the agent to execute in its environment.
- [PROMPT_INJECTION]: The skill processes untrusted user input (CONCEPT_DESCRIPTION, TITLE, TAGLINE) and interpolates them into image generation prompts without explicit sanitization or boundary markers, creating a surface for indirect prompt injection.
Audit Metadata