generate-image

skills-sh:davila7_claude-code-templates__generate-image

View source

75/100

First Seen

Feb 18, 2026

Last Scanned

Feb 20, 2026

Findings

Score

75/100

CRITICAL 1

LOW 1

Findings (2)

CRITICAL

Instruction override combined with dangerous operations NLP_OVERRIDE_DANGEROUS

prompt-injection L1

Instruction override combined with dangerous operations

--api-key: OpenRouter API key (overrides .env file)

FIX

Remove language that attempts to override safety guidelines or bypass system-level controls. This pattern is a strong indicator of a jailbreak attempt.

FP?

Likely FP if the matched text is in a security research document or educational content clearly marked as an example rather than an active payload.

LOW

Runtime URL controlling behavior THIRDPARTY_001

third-party-content L51

Detects URLs fetched at runtime that control or influence agent behavior without pinning

Get an API key from: https:// + prompt

FIX

Avoid loading configuration or behavior-controlling content from runtime URLs. Bundle required configurations locally or pin remote config to versioned, integrity-verified endpoints.

FP?

Likely FP if the URL in the match is a documentation link or example URL (e.g., example.com) rather than an actual runtime-fetched configuration endpoint.