image-generation
Warn
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: MEDIUM (DATA_EXFILTRATION, COMMAND_EXECUTION)
Full Analysis
- [DATA_EXFILTRATION]: The script generate_poster.ts accepts arbitrary file paths via the --assets command-line argument. These files are read and uploaded to external storage provided by Google GenAI or fal.ai. Because there is no content or file-type validation, this feature can be abused to exfiltrate sensitive local files (such as .env files, SSH keys, or cloud credentials) if the agent is tricked via prompt injection into treating them as reference images.
- [COMMAND_EXECUTION]: The skill operates by executing a TypeScript script using npx ts-node with arguments partially derived from user input. This pattern creates a surface for command-line argument manipulation, potentially leading to unauthorized file system access or execution of unintended script logic if the agent fails to properly sanitize the input prompt and file paths.
- [REMOTE_CODE_EXECUTION]: The script generate_poster.ts downloads image data from URLs returned by the fal.ai API using the fetch API. While these URLs originate from the service provider, the lack of origin validation on the resulting payload increases the risk if the provider's response is compromised.