woa-cover-image
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs legitimate local operations required for its functionality. It reads article files, constructs image prompts, and communicates with a local service on localhost. All file system operations are directed to specified or default local paths.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it integrates untrusted article titles and summaries into the prompt sent to the image API. This is a functional requirement for the skill's operation.
  - Ingestion points: Article content is ingested from the file system or CLI arguments in scripts/main.ts.
  - Boundary markers: No explicit delimiters or safety instructions are used to separate user-provided content from the rest of the generated prompt.
  - Capability inventory: The script can read/write local files and make network requests to a local endpoint (localhost:5678).
  - Sanitization: Basic sanitization is performed via character replacement and length truncation for prompt and filename construction.
Audit Metadata