image-skill-builder
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): A hardcoded Google API key (`AIzaSyDvvGGRbH4Os3Er0dYi0kE_AzE3_2b_Az8`) was found in the `references/skill-template.md` file. This credential will be embedded into the configuration of any new skill generated by this assistant.
- [COMMAND_EXECUTION] (HIGH): The `references/skill-template.md` file instructs the agent to execute `scripts/generate_image.py` using shell commands with interpolated user-controlled variables (e.g., `--prompt "{{prompt}}"`). If the agent does not properly sanitize these inputs, an attacker could achieve arbitrary command execution via shell metacharacters.
- [PROMPT_INJECTION] (HIGH): As per Category 8 (Indirect Prompt Injection), the workflows defined in `references/skill-template.md` (Templates A, C, and E) involve ingesting untrusted external data such as articles and stories to generate prompts. This untrusted data directly influences the execution of a script that performs filesystem operations.
  - Ingestion points: `references/skill-template.md` (Phase 1 of Templates A, C, E) specifies reading user-provided articles, documents, and story descriptions.
  - Boundary markers: None present in the templates to delimit external content from instructions.
  - Capability inventory: `scripts/generate_image.py` uses `os.makedirs` and `open(..., "wb").write()` to write data to the local filesystem.
  - Sanitization: No sanitization or validation logic is defined for the external content before it is processed or passed to the generation script.
Recommendations
- AI detected serious security threats
Audit Metadata