frame-tv
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it incorporates user-controlled text directly into the prompt sent to the Gemini API.
- Ingestion points: User-provided text via the
--promptargument inscripts/frame_tv_art.py. - Boundary markers: Absent; user input is concatenated with descriptive suffixes like "High resolution, museum-quality artwork..." without delimiters.
- Capability inventory: The script has network access (to call the Google Gemini API), file write access (to save images and cost logs), and file read access (to read input images and configuration files).
- Sanitization: No sanitization or validation of the input prompt string is performed before it is processed by the AI model.
- [EXTERNAL_DOWNLOADS]: The skill uses
uvto manage dependencies, declaringgoogle-genaiandpillow. These are well-known, reputable packages used for their intended purposes. - [COMMAND_EXECUTION]: The skill executes a Python script using
uv run, which is the standard mechanism for this environment. It performs legitimate file system operations such as creating directories for art and writing log files in the user's home directory.
Audit Metadata