arcanea-book-cover
Warn
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The instructions include a shell command template that uses
curlto call an external API and pipes the result to a Python script. This script writes binary image data directly to the local file system atapps/web/public/images/books/. - [COMMAND_EXECUTION]: The skill directs the agent to modify application source code, specifically updating
COVER_MAPin.tsxfiles located inapps/web/app/books/drafts/to register new covers. - [EXTERNAL_DOWNLOADS]: The skill initiates network requests to Google's Generative Language API (
generativelanguage.googleapis.com) to retrieve generated image content based on constructed prompts. - [PROMPT_INJECTION]: The skill ingests untrusted data from external sources, including
book.yaml, project outlines, and chapter text, to inform the design process. This creates a surface for indirect prompt injection. - Ingestion points: Reads
book.yaml, book outlines, and individual book chapter files. - Boundary markers: No explicit delimiters are used to wrap or isolate the untrusted book content during the analysis phase.
- Capability inventory: Execution of
curl,python3, and file write operations to project directories. - Sanitization: No explicit sanitization or filtering of the input text is performed before it is processed by the agent to create the image generation prompt.
Audit Metadata