Skills
skills/inference-sh-9/skills/qwen-image-2/Gen Agent Trust Hub

qwen-image-2

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is designed to run the infsh CLI tool to interface with image generation models. This use of tools is explicitly defined and limited in the skill's metadata frontmatter.
  • [EXTERNAL_DOWNLOADS]: The instructions reference documentation and additional skills located in the inference-sh GitHub organization. These are official resources provided by the skill's authoring vendor.
  • [PROMPT_INJECTION]: The skill accepts user-defined prompts and image URLs as input for generation and editing. The use of structured JSON input serves as a boundary to separate user content from the tool's command execution logic.
  • Ingestion points: User-supplied JSON in the input parameter of infsh app run (SKILL.md).
  • Boundary markers: JSON object key-value structure.
  • Capability inventory: Execution of the infsh command via Bash.
  • Sanitization: The skill relies on the inference.sh platform's handling of the prompt strings.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 17, 2026, 09:27 AM
Security Audit — agent-trust-hub — qwen-image-2