muapi-rednote-cover

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [SAFE]: No malicious behavior or critical security vulnerabilities were detected in the skill's implementation.
  • [PROMPT_INJECTION]: The skill uses user-supplied text to construct prompts for an image generation model, which is a potential surface for indirect prompt injection.
    • Ingestion points: The topic, style, and text_overlay inputs in SKILL.md are passed directly into the generation prompt.
    • Boundary markers: The prompt templates do not include specific delimiters or instructions to ignore potential injection content within the user inputs.
    • Capability inventory: The agent uses the muapi CLI or curl to interact with image generation and editing models.
    • Sanitization: There is no evidence of input validation or sanitization before the user data is used in prompts.
  • [COMMAND_EXECUTION]: The skill relies on shell commands (muapi and curl) to perform its core functions. These commands are used as intended for communication with the developer's API and use standard authentication via environment variables.
Audit Metadata
Risk Level: SAFE
Analyzed: May 19, 2026, 02:05 PM
Security Audit — agent-trust-hub — muapi-rednote-cover