acos-visual-gen

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill incorporates an indirect prompt injection surface by design, as it fetches external data from WebSearch to inform its image prompts. Ingestion points: External data enters through the WebSearch tool in the Step 1 research phase. Boundary markers: There are no specific delimiters used to isolate search results from the system instructions. Capability inventory: The skill utilizes WebSearch and mcp__nanobanana__generate_image tools. Sanitization: No validation or sanitization of search results is performed before their use. This surface is acceptable as it is necessary for the skill's primary research function.
  • [SAFE]: All identified behaviors are consistent with the skill's described purpose. There is no evidence of credential theft, data exfiltration, or unauthorized code execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 06:40 AM
Security Audit — agent-trust-hub — acos-visual-gen