imagegen

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [PROMPT_INJECTION]: The skill instructions include shell command templates that interpolate the user's prompt directly into a JSON payload for a curl request (e.g., -d "{\"prompt\":\"<PROMPT>\",...}"). This pattern creates a potential surface for indirect prompt injection or command injection if the agent fails to properly escape the input before execution.
      • Ingestion points: User prompts in SKILL.md.
      • Boundary markers: Absent in the shell command templates.
      • Capability inventory: curl, python3 (used for subprocess execution and data parsing).
      • Sanitization: No explicit instructions for escaping or validating the user-provided prompt content are included in the skill body.
  • [COMMAND_EXECUTION]: The skill uses Python and shell scripts to read configuration data from ~/.config/imagegen/auth.json, manage temporary files in tmp/imagegen/, and execute network requests via curl. While these operations support the skill's primary function, the dynamic assembly of shell commands increases the security surface.
  • [EXTERNAL_DOWNLOADS]: The install.sh and bin/create-image-codex.js scripts download and update the skill's source code from its GitHub repository (https://github.com/afu-it/create-image-codex.git). Additionally, SETUP.md recommends installing standard Python packages (openai, pillow) from official package registries.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 2, 2026, 07:45 AM