illustration-generator
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it instructs the agent to read and summarize content from untrusted Markdown files to generate image descriptions.
  - Ingestion points: The agent reads 'article.md' during the analysis phase.
  - Boundary markers: No delimiters or specific instructions are provided to distinguish between the article's content and the skill's instructions.
  - Capability inventory: The skill utilizes 'Bash', 'Write', and 'Edit' tools to modify configurations and execute generation scripts.
  - Sanitization: No sanitization or filtering is applied to the content extracted from the Markdown files before it is processed by the agent.
- [COMMAND_EXECUTION]: The skill executes a local script 'scripts/generate.py' which handles file system interactions, parallel processing via ThreadPoolExecutor, and image generation. The script also modifies 'sys.path' at runtime to load a shared library from a hardcoded local directory ('~/.claude/skills/shared-lib').
Audit Metadata