ai-product-photo-scene-planner
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: No security issues were detected. The skill follows standard practices for API-integrated tools, including the use of environment variables for secret management.
- [COMMAND_EXECUTION]: The skill provides a Python runner script (
scripts/run.py) intended for execution by the user. The script is used to communicate with the backend service and does not perform any unauthorized local operations. - [EXTERNAL_DOWNLOADS]: The
scripts/run.pyscript performs network requests to the vendor's official domain (ai-skills.ai) to transmit user parameters and retrieve analysis results. This communication is necessary for the skill's primary function and targets the vendor's own infrastructure. - [PROMPT_INJECTION]: The skill processes user-defined strings for product details and brand requirements. While these are ingestion points for untrusted data, the risk is mitigated by the skill's limited scope and the absence of high-privilege local capabilities.
- Ingestion points:
productInfo,brandStyle,targetAudience, andproductImagesBriefparameters defined inreferences/form-schema.json. - Boundary markers: None identified in the prompt templates.
- Capability inventory: Network communication with the
ai-skills.aiAPI viascripts/run.py. - Sanitization: No explicit sanitization or filtering of input parameters was observed in the provided scripts.
Audit Metadata