muapi-giant-product-showcase
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: User input from 'person_description' is interpolated directly into the image generation prompt without delimiters. This allows users to potentially influence the generation process through indirect prompt injection.
- Ingestion points: person_description field in SKILL.md.
- Boundary markers: None.
- Capability inventory: Image and video generation via 'muapi' CLI and API.
- Sanitization: No input validation or escaping detected.- [COMMAND_EXECUTION]: The skill utilizes the 'muapi' CLI and standard 'curl' commands to interact with the vendor's API. These commands are necessary for the skill's primary function and are documented neutrally.
Audit Metadata