Skills
skills/cklxx/elephant.ai/image-creation/Gen Agent Trust Hub

image-creation

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the bash tool to execute run.py to facilitate interaction with the image generation backend.
  • [EXTERNAL_DOWNLOADS]: The script fetches image assets from remote URLs returned by the Volcengine API using the urllib.request module.
  • [DATA_EXFILTRATION]: The refine function reads a local file from a user-specified path and uploads its content to the external Volcengine API. While required for image-to-image functionality, this mechanism presents a surface for data exposure if directed to process sensitive files.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface in the refine function of run.py. 1. Ingestion points: image_path argument. 2. Boundary markers: Absent for file content processing. 3. Capability inventory: File read and network transmission via POST to an external API. 4. Sanitization: No validation or escaping is performed on the file content before transmission.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 1, 2026, 02:53 PM