Skills
skills/samuraigpt/generative-media-skills/muapi-blog-header/Gen Agent Trust Hub

muapi-blog-header

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because user-provided inputs are interpolated into the image generation prompt without boundary markers or sanitization. An attacker could provide malicious input to manipulate the image generation process.
  • Ingestion points: The topic, publication_style, and dominant_color inputs in SKILL.md.
  • Boundary markers: None present in the prompt templates.
  • Capability inventory: Image generation and editing via muapi CLI and curl requests to the vendor API.
  • Sanitization: No input validation or escaping is performed before interpolation.
  • [COMMAND_EXECUTION]: The skill requires the agent to execute shell commands, specifically muapi CLI tools and curl requests for API interaction. These commands utilize the MUAPI_API_KEY environment variable for authentication with the vendor's domain api.muapi.ai.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 02:05 PM
Security Audit — agent-trust-hub — muapi-blog-header