arcanea-book-cover
Pass
Audited by Gen Agent Trust Hub on Jul 4, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches generated image content from Google's official Generative Language API endpoint.
- [COMMAND_EXECUTION]: Executes a shell script utilizing
curland a Python one-liner to download, decode, and save image files to the localapps/web/public/images/books/directory. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes untrusted data from book manuscripts and configuration files to compose image generation prompts.
- Ingestion points: Instructions in Phase 1 direct the agent to read book chapters, pivotal scenes, outlines, and
book.yamlfiles. - Boundary markers: Absent. The skill does not employ delimiters or specific instructions to isolate untrusted book content from the prompt composition logic.
- Capability inventory: The skill possesses network access (via
curl) and file-writing capabilities (viapython3). - Sanitization: Absent. There is no evidence of content validation or escaping of the ingested book data before it is interpolated into the generation prompt.
Audit Metadata