nsfw-content-generation
Warn
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: MEDIUMPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill explicitly instructs the agent to disable safety filters by setting the "enable_safety_checker" parameter to "false". This is designed to bypass standard content guidelines and safety constraints to facilitate the generation of adult-themed content.\n- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests untrusted user data.\n
- Ingestion points: The "message" and "image_urls" parameters in "SKILL.md".\n
- Boundary markers: None; user-provided strings and URLs are interpolated directly into API request bodies without delimiters.\n
- Capability inventory: Performs network operations via "curl" to the vendor API at "https://sense.eachlabs.run".\n
- Sanitization: No input sanitization or validation logic is present in the skill instructions.\n- [EXTERNAL_DOWNLOADS]: The skill facilitates network communication with the "eachlabs.run" domain for content generation and references documentation on "eachlabs.ai". It also allows for the ingestion of remote images through the "image_urls" array, which involves downloading data from external, user-controlled URLs.\n- [COMMAND_EXECUTION]: The documentation provides multiple shell command examples using "curl". These examples demonstrate how to make network requests and utilize environment variables for authentication.
Audit Metadata