character-design
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Flags: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute `genmedia` CLI commands for model discovery, schema inspection, and running media generation jobs.
- [EXTERNAL_DOWNLOADS]: Generated files are downloaded from remote service providers to the local path `./outputs/characters/` using the `--download` flag in `genmedia` commands.
- [DATA_EXFILTRATION]: User-provided reference images are uploaded to external endpoints (e.g., `fal-ai/`, `openai/`) to facilitate identity-preserving generation tasks.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface where user-provided character attributes and prompt variables are interpolated into shell command strings.
  - Ingestion points: Character identity anchors and shot variables collected from user input, as described in `SKILL.md` and related reference files.
  - Boundary markers: The prompt structure uses descriptive headers like `CHARACTER ANCHOR` but does not implement security-hardened delimiters to separate untrusted data from instructions.
  - Capability inventory: The agent has the capability to execute shell commands (`genmedia`) and perform local file writes via the `--download` flag.
  - Sanitization: There is no evidence of sanitization or escaping of shell metacharacters in the prompt strings passed to the CLI tool.
Audit Metadata