ormus-illustrator
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local command execution as its primary interface, invoking Python scripts (
generate.py,replicate.py,midjourney.py,pixellab.py) to process user requests. These commands are executed within the user's local environment to interact with external AI services. - [SAFE]: Prompt interpolation for image generation is handled using double quotes in the command examples, which helps prevent basic shell command injection. The skill relies on standard platform capabilities for its intended purpose.
- [SAFE]: Authentication procedures, such as using the
gcloudCLI for Gemini or environment variables for PixelLab, are documented clearly and follow established security best practices for credential management. - [SAFE]: No evidence of obfuscation, data exfiltration, or unauthorized privilege escalation was found in the skill metadata or instructional content.
Audit Metadata