visual-design

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is configured to execute a local CLI utility for image generation tasks.
  • Evidence: The instructions guide the agent to use a tool located at ~/.claude/bin/nano-banana if the GEMINI_API_KEY environment variable is detected.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it incorporates content from external documents into its internal logic and prompts.
  • Ingestion points: Data is read from design-brief.md, competitive-landscape.md, and prd.md files within the pm-workspace-docs/initiatives/active/[name]/ directory.
  • Boundary markers: Absent. There are no specified delimiters or safety instructions to prevent the agent from obeying commands embedded within the input files.
  • Capability inventory: The skill can execute local commands via a CLI and perform file system write operations (e.g., creating visual-directions.md).
  • Sanitization: Absent. The skill does not describe any validation or escaping of the content retrieved from external documents before using it to generate prompts.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 1, 2026, 05:31 PM