ads-photoshoot
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface identified in the prompt construction logic. The skill interpolates user-supplied product descriptions, external URL content, and brand profile data directly into templates for image generation.
- Ingestion points: User input (product description), external product URL (Step 1), and local brand configuration file
brand-profile.json(Step 2). - Boundary markers: Absent. The skill lacks delimiters or instructions to ignore potential malicious content embedded within the ingested data.
- Capability inventory: The skill has the capability to write files to the local filesystem (
./product-photos/) and execute generation commands via thebanana-claudetool. - Sanitization: No sanitization or validation of input data is performed before prompt interpolation.
- [DATA_EXFILTRATION]: Access to sensitive file paths in the user's home directory.
- Evidence: The skill reads from
~/.banana/costs.jsonto report usage spend to the user. - Evidence: The skill references documentation and specification files located in
~/.claude/skills/ads/references/.
Audit Metadata