skills/danielmiessler/lifeos/Art/Gen Agent Trust Hub

Art

Fail

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Potential shell command injection in Tools/Generate.ts. The addBackgroundColor function uses execAsync to execute a magick shell command with unescaped variables for input and output paths. A maliciously crafted filename could be used to execute arbitrary shell commands on the host.
  • [COMMAND_EXECUTION]: Risk of shell injection in notification instructions. Instructions in SKILL.md and various workflows (e.g., Workflows/AdHocYouTubeThumbnail.md) command the agent to run curl to a local notification service using unescaped placeholders for workflow names and actions. This pattern is vulnerable to injection if the agent populates these fields with untrusted content.
  • [PROMPT_INJECTION]: Susceptibility to indirect prompt injection. The skill ingests untrusted data from articles and URLs to extract information for generating AI prompts. Ingestion points: Tools/GeneratePrompt.ts (file input) and Workflows/AdHocYouTubeThumbnail.md (content analysis). Boundary markers: None identified. Capability inventory: Shell execution of magick and curl, and network access to AI APIs using stored credentials. Sanitization: No input validation is performed on the ingested content before interpolation into model prompts.
  • [COMMAND_EXECUTION]: Extensive reliance on system binaries. The skill frequently executes external tools like magick, rembg, and cwebp. This is functional but represents a significant attack surface.
  • [EXTERNAL_DOWNLOADS]: Standard network requests to trusted AI services (OpenAI, Google, Replicate) and Discord. These operations are consistent with the skill's stated purpose.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 30, 2026, 03:34 PM
Security Audit — agent-trust-hub — Art