picsart-api
Pass
Audited by Gen Agent Trust Hub on Jun 25, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill connects to and instructs the agent to use the Picsart MCP server at `https://mcp.picsart.io/v1` and various Picsart API endpoints including `api.picsart.io`, `video-api.picsart.io`, `genai-api.picsart.io`, and `vd-api.picsart.io` for media processing and generation tasks.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of processing untrusted external content.
  - Ingestion points: User-provided text prompts, CSV data content for bulk rendering, and remote media URLs are processed via generative AI and media editing tools in files like `SKILL.md` and `references/genai-api.md`.
  - Boundary markers: There are no explicit delimiters or system instructions defined to prevent the agent from following commands embedded within the processed data.
  - Capability inventory: The skill possesses extensive capabilities to interact with external Picsart media tools, including text generation and image/video manipulation.
  - Sanitization: No input validation or sanitization routines are specified for handling the data interpolated into API requests.
- [PROMPT_INJECTION]: The reference documentation in `references/genai-api.md` lists model identifiers (URNs) for speculative or future models (e.g., `urn:air:openai:model:openai:gpt-5@1`, `urn:air:google:model:google:gemini-3-pro-preview@1`). While these are likely vendor-defined routing keys for their 'AIR' service, the use of high-capability model names can influence agent behavior or user trust in the outputs.
Audit Metadata