producthunt-launch-images

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests untrusted data from project repositories to generate image prompts. Ingestion points: Project README, package metadata, documentation, and source files (Step 2 of the workflow). Boundary markers: Absent; the skill does not instruct the use of delimiters to isolate untrusted project data. Capability inventory: Local file system read access and external image generation via tool calls. Sanitization: None; the skill directly extracts and interpolates data from the project into image generation prompts.
  • [DATA_EXFILTRATION]: The workflow requires deep inspection of project source files for technical metrics like ports, route counts, and registry counts. This creates a risk of data exposure where sensitive internal configuration or hardcoded information could be captured and inadvertently transmitted to external image generation services within the prompts.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 24, 2026, 08:20 PM
Security Audit — agent-trust-hub — producthunt-launch-images