muapi-product-campaign

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
Flagged categories: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill contains a surface for indirect prompt injection where untrusted user inputs are interpolated directly into prompts for image and video generation tools.
      • Ingestion points: User-provided inputs including product_name, campaign_message, target_audience, and visual_style are ingested via SKILL.md.
      • Boundary markers: The prompt templates do not utilize delimiters (e.g., XML tags or triple quotes) or negative constraints to prevent the model from following instructions embedded within the user data.
      • Capability inventory: The skill has the ability to execute shell commands via the muapi CLI and perform network operations via curl.
      • Sanitization: No input validation, escaping, or filtering is applied to the user-supplied text before interpolation.
  • [COMMAND_EXECUTION]: The skill relies on the execution of shell commands to interact with the MuAPI platform.
      • Evidence: Instructions specify the use of muapi image generate, muapi image edit, and muapi video generate CLI tools.
  • [DATA_EXFILTRATION]: The skill performs network operations to transmit data to an external service endpoint.
      • Evidence: The skill communicates with https://api.muapi.ai/api/v1/ using the MUAPI_API_KEY to process campaign assets. This is the official endpoint associated with the skill's stated purpose.
Audit Metadata
Risk Level: SAFE
Analyzed: May 19, 2026, 02:04 PM