arcanea-book-cover

Warn

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The instructions include a shell command template that uses curl to call an external API and pipes the result to a Python script. This script writes binary image data directly to the local file system at apps/web/public/images/books/.
  • [COMMAND_EXECUTION]: The skill directs the agent to modify application source code, specifically updating COVER_MAP in .tsx files located in apps/web/app/books/drafts/ to register new covers.
  • [EXTERNAL_DOWNLOADS]: The skill initiates network requests to Google's Generative Language API (generativelanguage.googleapis.com) to retrieve generated image content based on constructed prompts.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from external sources, including book.yaml, project outlines, and chapter text, to inform the design process. This creates a surface for indirect prompt injection.
  • Ingestion points: Reads book.yaml, book outlines, and individual book chapter files.
  • Boundary markers: No explicit delimiters are used to wrap or isolate the untrusted book content during the analysis phase.
  • Capability inventory: Execution of curl, python3, and file write operations to project directories.
  • Sanitization: No explicit sanitization or filtering of the input text is performed before it is processed by the agent to create the image generation prompt.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 23, 2026, 09:38 AM
Security Audit — agent-trust-hub — arcanea-book-cover