meme-generation
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The script fetches meme template metadata from
api.imgflip.comand downloads template images fromi.imgflip.com. These are well-known services for meme-related content. - [COMMAND_EXECUTION]: The skill executes a local Python script (
generate_meme.py) to handle image processing and text rendering. - [PROMPT_INJECTION]: The skill processes user-supplied captions to generate memes. It optionally uses a vision model to verify the output, which introduces a surface for indirect prompt injection where text rendered into the image could attempt to influence the vision model's evaluation.
- Ingestion points: User-provided captions in
SKILL.mdandgenerate_meme.py. - Boundary markers: None present for the text overlay.
- Capability inventory: Local file writes (
/tmp/meme.png), network reads (Imgflip), and vision analysis (vision_analyze). - Sanitization: No specific sanitization of caption text before rendering.
Audit Metadata