article-to-cover

Warn

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Python script (run_command.py) via a shell command in Step 4 of SKILL.md. It dynamically constructs a command string that includes a prompt generated from user-influenced data. This pattern is susceptible to argument injection if the input data contains characters that escape the JSON or shell quoting context.
  • [PROMPT_INJECTION]: The skill exhibits a significant surface for Indirect Prompt Injection.
      • Ingestion points: The skill reads and analyzes untrusted data from articles, chat transcripts, and design briefs provided by the user (Step 1, SKILL.md).
      • Boundary markers: There are no explicit delimiters or instructions to the agent to ignore embedded commands within the processed text.
      • Capability inventory: The skill has the ability to execute shell commands to perform image generation tasks (Step 4, SKILL.md).
      • Sanitization: The skill lacks mechanisms to sanitize or validate the external text before it is used to determine design directions and generate production instructions.
  • [EXTERNAL_DOWNLOADS]: The skill relies on the meitu-ai engine and associated scripts for its core functionality. While Meitu is a well-known service, the skill's reliance on a script located at a relative path (../meitu-ai/scripts/run_command.py) outside its own directory represents dynamic loading from a computed path.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 19, 2026, 04:53 PM