muapi-action-figure-generator
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [PROMPT_INJECTION]: User-provided input from the 'toy_theme' variable is interpolated directly into the image generation prompt without sanitization or boundary markers in SKILL.md.
  - Ingestion points: 'toy_theme' variable.
  - Boundary markers: Absent.
  - Capability inventory: 'muapi' CLI and 'curl' commands for remote processing.
  - Sanitization: Absent.
- [COMMAND_EXECUTION]: The skill instructs the agent to substitute user inputs directly into command-line arguments and curl data payloads, which creates a potential surface for command injection if inputs are not properly escaped by the executing agent.
- [EXTERNAL_DOWNLOADS]: The skill performs network operations to the external domain 'api.muapi.ai' to interact with an image generation API.
Audit Metadata