ai-product-photo-scene-planner

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [SAFE]: No security issues were detected. The skill follows standard practices for API-integrated tools, including the use of environment variables for secret management.
  • [COMMAND_EXECUTION]: The skill provides a Python runner script (scripts/run.py) intended for execution by the user. The script is used to communicate with the backend service and does not perform any unauthorized local operations.
  • [EXTERNAL_DOWNLOADS]: The scripts/run.py script performs network requests to the vendor's official domain (ai-skills.ai) to transmit user parameters and retrieve analysis results. This communication is necessary for the skill's primary function and targets the vendor's own infrastructure.
  • [PROMPT_INJECTION]: The skill processes user-defined strings for product details and brand requirements. While these are ingestion points for untrusted data, the risk is mitigated by the skill's limited scope and the absence of high-privilege local capabilities.
  • Ingestion points: productInfo, brandStyle, targetAudience, and productImagesBrief parameters defined in references/form-schema.json.
  • Boundary markers: None identified in the prompt templates.
  • Capability inventory: Network communication with the ai-skills.ai API via scripts/run.py.
  • Sanitization: No explicit sanitization or filtering of input parameters was observed in the provided scripts.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:30 AM
Security Audit — agent-trust-hub — ai-product-photo-scene-planner