generate
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses specific shell commands to check for and load a `GEMINI_API_KEY` from the environment or a `.env` file. These commands are carefully constructed with safety checks to prevent the leaking of other secrets or unintended environment variables.
- [SAFE]: The core functionality is contained within `scripts/image.py`, which utilizes the official `google-genai` library. The script correctly handles file system operations for reading reference images and writing generated output to the user-specified directory.
- [EXTERNAL_DOWNLOADS]: The skill requires standard, verifiable Python packages (`google-genai`, `pillow`) which are used for their intended purposes of API communication and image processing.
- [SAFE]: The skill includes explicit security warnings to the agent, such as avoiding the use of `cat` on secret files and preventing the dumping of environment variables via bare `export` commands.
Audit Metadata