youmind-blog-cover
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the @youmind-ai/cli package from the official npm registry. This is a legitimate vendor tool required to interact with the YouMind service.
- [COMMAND_EXECUTION]: Executes the youmind CLI for API communication and runs a local script (scripts/extract-images.js) to parse JSON responses. These actions are aligned with the skill's stated purpose.
- [PROMPT_INJECTION]: User-provided titles and topics are interpolated into image generation prompts. While this is an indirect prompt injection surface, the risk is negligible as it only affects the generated image output. 1. Ingestion points: User input in SKILL.md Step 3. 2. Boundary markers: Absent. 3. Capability inventory: youmind CLI and Node.js script execution. 4. Sanitization: Absent.
Audit Metadata