blog-image
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests and processes untrusted markdown files to generate image prompts without explicit boundary markers or instructions to ignore embedded commands.
  - Ingestion points: Markdown files specified via `$ARGUMENTS` or detected through `git status`.
  - Boundary markers: Absent.
  - Capability inventory: Executes shell commands (`pnpm tsx`) and writes files to the local filesystem.
  - Sanitization: None described; the generated prompt is directly interpolated into a shell command.
- [COMMAND_EXECUTION]: The workflow involves executing a shell command (`pnpm tsx scripts/generate-blog-image.ts "<prompt>" ...`) where the `<prompt>` variable is derived from the analysis of external blog content. This creates a command injection surface if the generated prompt contains shell-sensitive characters (like double quotes, backticks, or semicolons) and the agent does not properly escape them before execution.
Audit Metadata