article-batch-illustration
Warn
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill's workflow (Phase 2, Step 5) constructs shell commands using variables such as 'theme name', 'paragraph title', and 'prompts' which are extracted from the article being analyzed. If these extracted fields contain shell metacharacters (e.g., semicolons, backticks, or pipes), it could lead to arbitrary command execution when the agent triggers the generate_image.py script.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing untrusted article content and using it to generate prompts for AI models.
  - Ingestion points: Reads article content from the current file or user-specified path (SKILL.md, Phase 1).
  - Boundary markers: None; the content is parsed and directly interpolated into internal prompt templates without delimiters.
  - Capability inventory: The skill executes shell commands (Phase 2), writes image files to the local file system (scripts/generate_image.py), and performs external network requests (scripts/generate_image.py).
  - Sanitization: No sanitization or escaping of the article text is performed before it is used in the command line or as part of the prompt generation process.
- [EXTERNAL_DOWNLOADS]: The scripts/generate_image.py script initiates network connections to the Gemini API (generativelanguage.googleapis.com) and a third-party provider (api.labnana.com) to facilitate image generation based on user prompts.
Audit Metadata