product-visual-generator
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it scrapes metadata from untrusted external websites and provides it to the agent for analysis without sanitization or boundary markers.
  - Ingestion points: `scripts/generate-visuals.py` fetches data from user-supplied URLs and extracts metadata like `og:title`.
  - Boundary markers: None identified; the agent reads the scraped `products.json` manifest directly.
  - Capability inventory: The skill possesses network access, file write capabilities, and integrates with the Fal.ai image generation API.
  - Sanitization: While filenames are slugified, the product titles and descriptions are processed by the agent in their raw form.
- [DATA_EXFILTRATION]: The scraper in `scripts/generate-visuals.py` performs network requests to arbitrary URLs without validating the target addresses, creating a potential Server-Side Request Forgery (SSRF) surface if directed at internal or private network resources.
- [DATA_EXFILTRATION]: The environment loader in `scripts/generate-visuals.py` recursively searches for and parses `.env` files up to five levels above the current directory, which could inadvertently load and expose sensitive credentials from parent project folders.
Audit Metadata