producthunt-launch-images
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFE, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests untrusted data from project repositories to generate image prompts.
  - Ingestion points: Project README, package metadata, documentation, and source files (Step 2 of the workflow).
  - Boundary markers: Absent; the skill does not instruct the use of delimiters to isolate untrusted project data.
  - Capability inventory: Local file system read access and external image generation via tool calls.
  - Sanitization: None; the skill directly extracts and interpolates data from the project into image generation prompts.
- [DATA_EXFILTRATION]: The workflow requires deep inspection of project source files for technical metrics like ports, route counts, and registry counts. This creates a risk of data exposure where sensitive internal configuration or hardcoded information could be captured and inadvertently transmitted to external image generation services within the prompts.
Audit Metadata