skills/ar9av/game-exa/tile-artist/Gen Agent Trust Hub

tile-artist

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Communicates with OpenAI and Fal.ai APIs to generate and download tile textures based on design document palette entries.
  • [CREDENTIALS_UNSAFE]: Accesses the ~/.all-skills/.env file to retrieve FAL_KEY or OPENAI_API_KEY, which is a standard method for managing credentials within this skill's operational context.
  • [PROMPT_INJECTION]: Implements an indirect prompt injection surface via image generation prompts.
  • Ingestion points: Reads tile descriptions, IDs, and colors from game-state.json.
  • Boundary markers: No delimiters or instructions are used to separate user-provided descriptions from the static prompt template.
  • Capability inventory: Performs network requests to AI APIs and writes processed image files to the local file system.
  • Sanitization: No input validation or escaping is applied to the metadata interpolated into API prompts.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 04:37 PM
Security Audit — agent-trust-hub — tile-artist