image-to-prompt
Pass
Audited by Gen Agent Trust Hub on Jul 1, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted user data (images and text) and uses the resulting analysis to generate its own output. An attacker could provide an image containing text instructions designed to hijack the prompt generation process. This is an inherent risk for vision-based agents.
- [COMMAND_EXECUTION]: The instructions direct the agent to utilize a specific image analysis tool (
mcp__zai-mcp-server__analyze_image) when a URL or file path is provided. This is a legitimate use of the Model Context Protocol (MCP) for the skill's primary function. - [EXTERNAL_DOWNLOADS]: The skill instructs the agent to fetch and process images from external URLs provided by the user to perform its analysis.
Audit Metadata