iflytek-image-understanding
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill accesses local image files and environment variables (
IFLY_APP_ID,IFLY_API_KEY,IFLY_API_SECRET) solely for the purpose of authentication and providing image analysis services via the iFlytek API. These actions are transparently documented and align with the tool's primary purpose. - [SAFE]: The implementation is restricted to Python's standard library (
socket,ssl,hmac,hashlib, etc.), which eliminates risks associated with unverifiable third-party dependencies or remote code execution. - [PROMPT_INJECTION]: The skill accepts user-supplied text questions to accompany image analysis. While this creates an indirect prompt injection surface common in vision-language tasks, the risk is negligible as the skill lacks any capabilities (such as shell execution, file system writes, or sensitive data access beyond its own credentials) that could be leveraged by an attacker.
Audit Metadata