multi-channel-bundle
Fail
Audited by Gen Agent Trust Hub on Jun 25, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches an installation script from the author's official website at https://picsart.com/gen-ai-cli/install.sh.
- [REMOTE_CODE_EXECUTION]: The installation process for the gen-ai CLI involves piping a remote script from the author's infrastructure directly to the bash shell.
- [COMMAND_EXECUTION]: The skill performs multiple shell operations through the gen-ai CLI, including user authentication, credit pricing estimation, and batch processing of image manifests.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by incorporating untrusted user input into model prompts.
  - Ingestion points: User-provided campaign and launch briefs defined in campaign.md and launch.md.
  - Boundary markers: Absent; user content is concatenated into strings used as prompts for models like flux-2-pro and recraftv4.
  - Capability inventory: Subprocess execution via the gen-ai CLI for generating, extending, and batch-processing visual assets.
  - Sanitization: Absent; no escaping or filtering is applied to the user-provided brief before it is used in prompt construction.
Recommendations
- HIGH: Downloads and executes remote code from: https://picsart.com/gen-ai-cli/install.sh - DO NOT USE without thorough review