ugc-content-factory
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill includes a shell script test-fal-api.sh for testing the API connection and instructions in MODULE_D_ENGINEER.md to use curl. Shell execution by an agent is a risk factor.
- EXTERNAL_DOWNLOADS (LOW): Network requests are made to fal.run and queue.fal.run, which are not on the trusted domain whitelist. While core to the skill, these domains are external and unverified.
- PROMPT_INJECTION (LOW): The skill has an indirect prompt injection surface (Category 8).
  - Ingestion points: SKILL.md and references/CHARACTER_LIBRARY.md request image URLs from the user.
  - Boundary markers: No markers are present to prevent the agent from following instructions embedded in the external data.
  - Capability inventory: The agent is directed to use curl for API calls using user-provided data.
  - Sanitization: There is no explicit validation or sanitization of user-provided URLs.
Audit Metadata