social-creative-designer
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the execution of system-level commands to function. It instructs the agent to perform a global package installation using `pip3 install imageio[ffmpeg] --break-system-packages` and to execute a generated Python script to compile images into MP4 video files. While these actions are standard for the skill's media-processing purpose, they involve direct shell and runtime interaction.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it takes arbitrary text from the user and interpolates it into complex prompts for an image generation tool.
  - Ingestion points: User inputs for 'post concept' and 'overlay text' collected during the intake phase in `SKILL.md`.
  - Boundary markers: There are no explicit delimiters or instructions provided to the agent or the image generation tool to treat these user-supplied strings as non-executable data.
  - Capability inventory: The agent has access to the `mcp__nanobanana__generate_image` tool and a Python execution environment, which could be influenced by malicious instructions embedded in the user text.
  - Sanitization: The skill does not define any validation or sanitization steps to filter out potentially malicious content from the user inputs before prompt construction.
Audit Metadata