qwen-image-2-pro
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions for installing the 'belt' CLI and related skills from the 'inference-sh' and 'belt-sh' GitHub and NPM repositories, which are the official sources for the described service.
- [COMMAND_EXECUTION]: Command-line operations are directed through the 'belt' tool. The skill defines 'allowed-tools: Bash(belt *)' in its metadata, which follows the principle of least privilege by restricting the agent's shell access to only the necessary command.
- [PROMPT_INJECTION]: The skill accepts user-provided text prompts and image URIs. While this creates a surface for indirect prompt injection, the impact is minimized by the skill's specific purpose (image generation) and the lack of high-risk capabilities like local file modification.
- Ingestion points: 'prompt' and 'reference_images' fields in the run command input.
- Boundary markers: None used; inputs are passed directly to the model API.
- Capability inventory: Limited to API interaction via the 'belt' command; no sensitive file access or persistence mechanisms are requested.
- Sanitization: Not explicitly implemented; the skill relies on the inference platform's internal safety filters.
Audit Metadata