visual-verdict
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to analyze and interpret visual data from user-provided images, which creates an attack surface for indirect prompt injection if those images contain adversarial text instructions.\n
- Ingestion points: Visual data enters the agent context through the
reference_imagesandgenerated_screenshotarguments defined in SKILL.md.\n - Boundary markers: The skill uses XML-style tags for organization but does not provide specific instructions to the model to disregard or isolate text discovered within the input images.\n
- Capability inventory: The skill itself does not define shell commands, network operations, or file system modifications, though it mentions external pixel diff tools as debug aids.\n
- Sanitization: No sanitization or filtering is applied to the content extracted from the images by the vision system before it is used to generate the final verdict.
Audit Metadata