acos-visual-gen
Pass
Audited by Gen Agent Trust Hub on Jul 4, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8c). It retrieves factual data via a
WebSearchtool and interpolates that data directly into a prompt for themcp__nanobanana__generate_imagetool without explicit sanitization or strict boundary markers. This could allow maliciously crafted content on an external website to influence the generated image's visual content. - Ingestion points:
WebSearchoutput is used in Step 1 to populate facts. - Boundary markers: Absent. Facts are interpolated directly into the
{fact_n_visualized}placeholders. - Capability inventory: Image generation via
mcp__nanobanana__generate_imagetool. - Sanitization: Not specified in the instructions.
- [SAFE]: No obfuscation, data exfiltration patterns, or unauthorized command executions were detected. The skill uses standard MCP tool invocation patterns.
Audit Metadata