tech-article-image
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill documentation (README.md) recommends that users install the mcp-image package using npx. While this is a standard method for extending Claude's capabilities via the Model Context Protocol (MCP), the package is hosted on the public npm registry by a third-party author ('shinpr') who is not on the trusted organization list. This constitutes a dependency on an unverified external source.
- [PROMPT_INJECTION] (LOW): The skill processes untrusted article text or summaries provided by the user to generate image prompts (Indirect Prompt Injection, Category 8).
  - Ingestion points: User-supplied technical articles or summaries are used as the primary input for analysis in SKILL.md.
  - Boundary markers: The instructions lack explicit delimiters (e.g., XML tags or triple quotes) or 'ignore embedded instructions' warnings when interpolating the article content into the prompt generation logic.
  - Capability inventory: The skill can call mcp-image:generate_image if the tool is configured.
  - Sanitization: No sanitization or filtering of the article text is performed before it is used to influence the generated output. An adversary could theoretically embed instructions within a technical article to manipulate the resulting image prompt.
Audit Metadata