persona-builder

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No security issues detected. The skill uses established vendor-provided tools from the author (Pika-Labs) and well-known services (Cloudflare R2) to perform its primary functions. All file outputs are correctly targeted at temporary directories, preventing unauthorized persistent file system modification.
  • [COMMAND_EXECUTION]: The skill utilizes shell commands (curl) for managing asset uploads and verifying content types on Cloudflare R2. This is a legitimate part of the workflow for ensuring correct metadata on uploaded images used in the PDF rendering process.
  • [PROMPT_INJECTION]: The skill ingests content from external social media profiles. While there is an inherent risk of indirect prompt injection from scraped text, the skill includes multiple human-in-the-loop approval gates and mandatory automated visual QA checks using mcp__plugin_pika_pika__analyze_media, which effectively mitigate the risk and impact of potentially malicious input data.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 18, 2026, 06:28 PM