image-generation
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill makes network requests to well-known service providers, specifically Google (
googleapis.com), OpenAI (api.openai.com), and xAI (api.x.ai). These operations are required for the skill's primary function of image generation. - [COMMAND_EXECUTION]: The instructions involve executing local shell scripts (such as
gemini.sh,openai.sh, andxai.sh) located within the${CLAUDE_PLUGIN_ROOT}/scripts/directory. These scripts act as wrappers for the documented APIs. - [CREDENTIALS_UNSAFE]: The documentation references the use of environment variables for API key management (
GEMINI_API_KEY,OPENAI_API_KEY,XAI_API_KEY). This follows standard security practices for managing secrets in automated environments. No hardcoded credentials or sensitive file paths were detected.
Audit Metadata