Skills
skills/jau123/meigen-art/AI Image Generator & Editor — Nanobanana, GPT Image, ComfyUI/Gen Agent Trust Hub

AI Image Generator & Editor — Nanobanana, GPT Image, ComfyUI

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the meigen package from the NPM registry at a pinned version (1.2.4).
  • Evidence: The skill configuration uses npx -y meigen@1.2.4 to initialize the MCP server.
  • [COMMAND_EXECUTION]: Executes shell commands to run the image generation server and perform tool calls.
  • Evidence: Command definitions in SKILL.md use npx and mcporter to execute the underlying logic.
  • [PROMPT_INJECTION]: Contains a surface for indirect prompt injection as it interpolates user input and external gallery data into its workflow.
  • Ingestion points: Processes untrusted data via generate_image prompts, enhance_prompt descriptions, and search_gallery results from external sources.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the prompt templates.
  • Capability inventory: The skill has network access to communicate with multiple AI providers (meigen.ai, together.xyz) and local ComfyUI instances, and it can read/write local configuration files.
  • Sanitization: No sanitization or validation of the ingested prompt strings or external metadata is specified in the file.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 5, 2026, 07:48 AM
Security Audit — agent-trust-hub — AI Image Generator & Editor — Nanobanana, GPT Image, ComfyUI