tuzi-article-illustrator
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it extracts data such as 'actual numbers, terms, metrics, and quotes' from untrusted article content and incorporates them into prompts for image generation.
- Ingestion points: Article files or pasted text processed in SKILL.md and references/workflow.md.
- Boundary markers: The prompt construction logic in references/prompt-construction.md lacks explicit delimiters or instructions to ignore embedded commands within the interpolated data.
- Capability inventory: The skill triggers image generation via the 'nano banana pro' skill and executes shell commands for file verification.
- Sanitization: No evidence of validation or filtering is present for the content extracted from articles before its use in prompts.
- [COMMAND_EXECUTION]: The workflow involves the execution of shell commands, specifically 'test -f', to verify the existence of configuration files (EXTEND.md) and reference images within the project and home directories as seen in SKILL.md and references/workflow.md.
Audit Metadata