Skills
skills/civitai/civitai-gen-skill/civitai-gen/Gen Agent Trust Hub

civitai-gen

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The generate.mjs script utilizes the child_process module to execute ffmpeg for microphone recording and audio format conversion, and ffplay for optional audio playback.
  • [COMMAND_EXECUTION]: The experiment.mjs script invokes generate.mjs as a subprocess to manage bulk generation and parameter sweep workflows.
  • [EXTERNAL_DOWNLOADS]: The skill downloads generated media from Civitai's content delivery network. Additionally, the documentation suggests downloading a helper CLI script (mcp-cli.mjs) from the vendor's official domain at mcp.civitai.com.
  • [PROMPT_INJECTION]: The experiment.mjs script implements a template expansion system that ingests data from local files.
  • Ingestion points: Wildcard values are read from .txt and .json files within the wildcards/ directory or from relative paths defined by the user.
  • Boundary markers: The system uses curly brace placeholders (e.g., {color}) to identify where substitutions should occur in the prompt template.
  • Capability inventory: The skill is capable of executing local system binaries (ffmpeg, ffplay) and making authenticated network requests to the Civitai orchestration API.
  • Sanitization: The script includes a sanitizeFilename function to ensure names generated from templates are safe for the filesystem, although it does not filter the content of the expanded prompts themselves.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 12, 2026, 08:46 PM
Security Audit — agent-trust-hub — civitai-gen