generate-image

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFE
PROMPT_INJECTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill processes user-supplied text prompts and image files which are sent to a remote AI model, creating a surface for indirect prompt injection.
      • Ingestion points: User-provided prompt CLI argument and local image files (--input) in scripts/generate_image.py.
      • Boundary markers: Absent. User content is sent to the API without delimiters or warnings.
      • Capability inventory: Network operations via requests.post to openrouter.ai and local file writes to save images.
      • Sanitization: Absent. Prompts and images are sent to the remote model without validation or escaping.
  • [DATA_EXFILTRATION]: The script scripts/generate_image.py reads the .env file to retrieve the OPENROUTER_API_KEY. This is a standard method for credential management. The script also reads local image files provided by the user via command-line arguments. Network communication is directed to the well-known service openrouter.ai.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes the requests library for communicating with the OpenRouter API. While this is an external dependency, it is a standard library for network operations.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 14, 2026, 09:23 AM