floracat-image-gen

Warn

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The main script implements dynamic module loading using import() to load provider implementations based on user configuration or detection at runtime.
  • [COMMAND_EXECUTION]: The Google provider logic executes the curl binary using execFileSync to perform network operations when an HTTP proxy is detected in the environment.
  • [DATA_EXFILTRATION]: The skill accesses sensitive local files including .env files and configuration metadata in the user's home and project directories to retrieve API keys and preferences.
  • [DATA_EXFILTRATION]: The skill transmits local file content (reference images and prompt files) to external AI provider endpoints for generation processing.
  • [PROMPT_INJECTION]: The skill processes untrusted prompt data from external files and user input, presenting a surface for indirect prompt injection.
      • Ingestion points: Content from files specified via --promptfiles and the --prompt argument.
      • Boundary markers: Absent.
      • Capability inventory: Subprocess execution (execFileSync), network communication (fetch), and local file writing (writeFile).
      • Sanitization: No validation or escaping is applied to prompt content before transmission to APIs.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 24, 2026, 02:37 AM