text-to-visual
Fail
Audited by Gen Agent Trust Hub on Jun 25, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to download an installation script from https://picsart.com/gen-ai-cli/install.sh, which is an official resource belonging to the skill's author.
- [REMOTE_CODE_EXECUTION]: The installation process involves piping a remote shell script directly into bash (curl -fsSL ... | bash). This is a standard installation pattern for the vendor's command-line tool.
- [COMMAND_EXECUTION]: The skill utilizes several local shell utilities for workflow automation, including gen-ai, jq, pbpaste, xclip, xargs, curl, and open.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it ingests untrusted data from URLs and user text for prompt construction.
  - Ingestion points: Content is ingested from user-provided paragraphs, articles, and URLs in SKILL.md and article-set.md.
  - Boundary markers: There are no explicit delimiters or system instructions to prevent the model from obeying instructions embedded within the source text.
  - Capability inventory: The gen-ai CLI tool provides network access (to Picsart Drive/CDN) and file system write capabilities.
  - Sanitization: The instructions do not describe any sanitization or filtering of the input text before it is used to generate visual prompts.
Recommendations
- HIGH: Downloads and executes remote code from: https://picsart.com/gen-ai-cli/install.sh - DO NOT USE without thorough review
Audit Metadata