storyboard-generator
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The file SKILL.md contains a hardcoded Google Gemini API key (AIzaSyDvvGGRbH4Os3Er0dYi0kE_AzE3_2b_Az8) in both the Phase 4 command example and the API Configuration table. This allows unauthorized access to the associated Google Cloud account.
- [COMMAND_EXECUTION] (MEDIUM): The skill workflow in SKILL.md requires the agent to execute a local Python script scripts/generate_image.py using a shell command. This creates a potential command injection vector if the user-provided story description (interpolated into the --prompt argument) contains shell metacharacters and is not correctly escaped by the execution environment.
- [DATA_EXFILTRATION] (LOW): The script scripts/generate_image.py makes outbound network requests to generativelanguage.googleapis.com using urllib.request.urlopen. Although this is functional for the skill's purpose, the domain is not in the trusted whitelist.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection as it processes untrusted user stories.
  - Ingestion points: User-provided story text in Phase 1 of SKILL.md.
  - Boundary markers: Absent; the instructions do not use delimiters to wrap the user input when constructing the image generation prompt.
  - Capability inventory: Subprocess execution and network requests via scripts/generate_image.py.
  - Sanitization: Absent; user input is directly interpolated into the prompt string without validation or escaping.
Recommendations
- AI detected serious security threats
Audit Metadata