skills/rebyteai/rebyte-skills/nanoppt/Gen Agent Trust Hub

nanoppt

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on the execution of a local Python script (scripts/generate.py) to manage image generation and editing workflows.
  • [DATA_EXFILTRATION]: The scripts/generate.py script accesses sensitive configuration data, including an authentication token and service URL, from ~/.rebyte.ai/auth.json. This data is used to authorize network requests to the vendor's image generation API. This behavior is documented as standard functionality for the 'rebyteai' platform.
  • [PROMPT_INJECTION]: The skill processes external article content to create ASCII frameworks and prompts for AI image generation, which introduces an indirect prompt injection surface. Malicious content within a processed article could attempt to influence the agent's generation behavior.
  • Ingestion points: External article content provided by the user in the 'Article to ASCII Framework' step.
  • Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in the workflow.
  • Capability inventory: The skill can execute local Python scripts that perform network POST requests and write files to the local disk.
  • Sanitization: The skill does not perform sanitization or validation of the input article text before processing it into image prompts.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 16, 2026, 05:39 PM
Security Audit — agent-trust-hub — nanoppt