jacky-illustration

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFE

PROMPT_INJECTION

Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection where untrusted content from the article is used to build the image generation prompt.
      • Ingestion points: The script scripts/article-Illustration-generator.py reads article content from a user-specified file path and extracts paragraphs.
      • Boundary markers: No specific delimiters or boundary markers (e.g., XML tags, triple-backticks) are used to isolate the article content from the instructional prompt in the generate_image function.
      • Capability inventory: The skill possesses the ability to call the Gemini Image API (client.models.generate_content) and write files to the project's output/ directory.
      • Sanitization: The skill does not perform sanitization, filtering, or instruction-following overrides on the article text before interpolating it into the final prompt string.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 14, 2026, 07:48 AM