image-generation
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a robust security and quality posture by requiring a 'JSON Prompt Pipeline'. This process forces the conversion of untrusted user input into a structured format that must pass a manual or automated review checklist before being sent to the Image API.
- [EXTERNAL_DOWNLOADS]: The skill references several external documentation and research URLs (OpenAI, arXiv, Baymard Institute, Shutterstock). These references are used for grounding the agent's research and prompt engineering logic and target well-known, trusted professional and academic services.
- [INDIRECT_PROMPT_INJECTION]: The skill has an attack surface for indirect injection as it processes user requirements and external source images. However, it mitigates this risk by:
  - Ingestion points: Explicitly defining input sources in the `source_inputs` and `user_requirements_summary` JSON fields.
  - Boundary markers: Using a JSON schema to separate creative direction from API execution settings.
  - Capability inventory: Limiting actions to image generation and file saving within the workspace.
  - Sanitization: Including a mandatory `review_checklist` that checks for safety, rights, and brand risks before any generation occurs.
- [COMMAND_EXECUTION]: The skill references the use of an `image_api` or `imagegen` system skill. There is no evidence of arbitrary shell command execution or unauthorized file system access. File operations are limited to saving project-bound images to the workspace.
Audit Metadata