ai-gpt-image-2
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its data ingestion surfaces.
- Ingestion points: Untrusted data enters the context through
materialUrl(external URLs) andmaterialText(user-provided descriptions) defined inreferences/form-schema.jsonandSKILL.md. - Boundary markers: The provided instructions do not define explicit delimiters or security markers to isolate untrusted input from the agent's core instructions.
- Capability inventory: The skill uses
scripts/run.pyto perform network operations viaurllib.request.urlopento the vendor's API athttps://ai-skills.ai. No sensitive file system access or subprocess execution capabilities were found. - Sanitization: There is no evidence of sanitization or filtering for the external content before it is passed to the execution environment.
Audit Metadata