acos-visual-gen
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill incorporates an indirect prompt injection surface by design, as it fetches external data from WebSearch to inform its image prompts. Ingestion points: External data enters through the WebSearch tool in the Step 1 research phase. Boundary markers: There are no specific delimiters used to isolate search results from the system instructions. Capability inventory: The skill utilizes WebSearch and mcp__nanobanana__generate_image tools. Sanitization: No validation or sanitization of search results is performed before their use. This surface is acceptable as it is necessary for the skill's primary research function.
- [SAFE]: All identified behaviors are consistent with the skill's described purpose. There is no evidence of credential theft, data exfiltration, or unauthorized code execution.
Audit Metadata