scientific-slides

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • PROMPT_INJECTION (LOW): The script scripts/generate_slide_image.py provides a surface for Indirect Prompt Injection by accepting arbitrary user input in the prompt and attachments arguments and passing them to an AI generation workflow.
      • Ingestion points: The prompt and attachments arguments in scripts/generate_slide_image.py.
      • Boundary markers: None identified in the provided wrapper script.
      • Capability inventory: Local script execution via subprocess.run and network communication via the OpenRouter API.
      • Sanitization: The script does not perform sanitization or validation of the prompt content.
  • COMMAND_EXECUTION (LOW): The script scripts/generate_slide_image.py uses subprocess.run to execute a local Python script (generate_slide_image_ai.py). While parameters are passed safely as a list to mitigate shell injection, it invokes a local file not included in the analyzed set.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 21, 2026, 07:35 AM