image-creator
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it uses untrusted user input to derive the core content of image generation prompts.
- Ingestion points: User-provided 'Post copy or visual direction' gathered in the Input Gathering section of
SKILL.md. - Boundary markers: The prompt formula in Step 3 (
[Subject/Scene] + [Style Directive] + ...) does not use delimiters or explicit 'ignore instructions' markers to wrap the content derived from user input. - Capability inventory: The skill utilizes the
generate_imagetool (via nanobanana MCP) and has file-system write permissions for thecreative-memory/directory andimages/folder. - Sanitization: Although Step 1 transforms input into 'visual keywords', there is no explicit filtering or sanitization process to detect or remove instructional text embedded within the user's provided copy.
Audit Metadata