sticker-factory

Warn

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local shell scripts (run.sh) using variables that incorporate user-provided content. Specifically, in Step 2, the variable OUTPUT_DIR is constructed using the user-defined theme (e.g., output/stickers_[theme]) and passed directly as an argument to a shell command.
  • [COMMAND_EXECUTION]: Similar execution patterns occur in Step 3, where scripts are called to resize and crop images. If a user provides a theme containing shell metacharacters (such as ;, |, or `), and the agent does not sanitize this input before interpolating it into the shell command string, it could result in arbitrary command execution on the host environment.
  • [DATA_EXFILTRATION]: The skill provides absolute directory paths to the user in the final delivery step. While necessary for the skill's functionality, this exposes the local file system structure and could be leveraged if combined with other vulnerabilities.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 15, 2026, 07:12 AM
Security Audit — agent-trust-hub — sticker-factory