logo-batch-generator
Fail
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: HIGH (CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [CREDENTIALS_UNSAFE]: The file `SKILL.md` contains a hardcoded Google Gemini API key (AIzaSyDvvGGRbH4Os3Er0dYi0kE_AzE3_2b_Az8) in the Phase 3 bash example and the API configuration table.
- [COMMAND_EXECUTION]: The skill executes a local script `scripts/generate_image.py` via `python3` to interact with the Gemini API and write image files to the local system.
- [DATA_EXFILTRATION]: Hardcoded local paths in `SKILL.md` (e.g., `/Users/ugreen/Documents/obsidian/09image/`) expose specific user directory structures and the system username.
- [PROMPT_INJECTION]: The skill processes untrusted user input for brand descriptions and interpolates it directly into the image generation prompt and the output filename.
  - Ingestion points: User input for brand name, industry, and philosophy collected during Phase 1 in `SKILL.md`.
  - Boundary markers: No delimiters or safety instructions are used when interpolating user data into the prompt templates provided in `references/logo-styles.md`.
  - Capability inventory: The script `scripts/generate_image.py` has the ability to create directories (`os.makedirs`) and write binary data to the local file system using `open().write()`.
  - Sanitization: There is no validation or sanitization for the '品牌名' variable, which is used to construct the `--output` file path, creating a risk of directory traversal if malicious characters are provided.
Recommendations
- AI detected serious security threats
Audit Metadata