visual-extractor
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through user-uploaded brand assets.
- Ingestion points: The skill ingests untrusted data in the form of user-uploaded images (logos, screenshots, ads) during the asset collection phase.
- Boundary markers: There are no explicit boundary markers or instructions to the model to ignore potential commands embedded within the visual content of the images.
- Capability inventory: The skill has the capability to write to the local file system, specifically creating and updating markdown files in the creative-memory/ directory.
- Sanitization: The skill lacks explicit sanitization or verification steps to ensure that text extracted from images does not contain malicious instructions before it is written to the guideline files.
Audit Metadata