muapi-amazon-product-listing
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Potential for indirect prompt injection due to unsanitized input interpolation. User-provided data from fields such as
product_name,product_category, andkey_featuresis directly inserted into prompt strings for various image models (e.g.,gpt4o-text-to-image,nano-banana-pro). The lack of boundary markers or escaping logic means malicious input could potentially manipulate the output or behavior of the image generation service. - [COMMAND_EXECUTION]: Orchestration of vendor CLI and API calls. The skill instructions direct the agent to use the
muapiCLI tool andcurlcommands to interact withapi.muapi.ai. These operations use theMUAPI_API_KEYenvironment variable for authentication and are consistent with the skill's stated purpose of utilizing the author's platform for image generation.
Audit Metadata