wechat-red-envelope-cover-designer
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (NO_CODE, PROMPT_INJECTION)
Full Analysis
- [NO_CODE] (MEDIUM): The skill is missing its primary executable script, `scripts/resize_cover.js`, which is the main entry point defined in `package.json` and referenced throughout the README. Without this file, it is impossible to audit the script for safe handling of file paths, shell command construction, or potential remote downloads during the image processing and background removal phases.
- [PROMPT_INJECTION] (MEDIUM): A high-risk surface for indirect prompt injection exists in `references/prompt-templates.md`.
  * Ingestion points: Untrusted user-provided strings are directly interpolated into the `[主题描述]`, `[用户选择的风格]`, and `[背景设计]` variables within the core prompt templates.
  * Boundary markers: The templates lack delimiters or instructions to the LLM to ignore embedded commands within user variables, making it possible for a user to override the 'forced' design constraints.
  * Capability inventory: The skill is designed to interact with the file system (reading/writing images) through the `resize_cover.js` script.
  * Sanitization: There is no evidence of sanitization or validation logic to filter out malicious instructions in the user-provided inputs.
Audit Metadata