image-generator-sd-webui

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes local bash scripts to execute curl commands for interacting with a Stable Diffusion WebUI API. This is the core functionality of the skill and is implemented using standard shell scripting practices including robust error handling and temporary file cleanup.
  • [EXTERNAL_DOWNLOADS]: The skill's documentation mentions a helper tool for image format conversion available on the author's GitHub profile (https://github.com/jim60105/sd-image-format-converter). This is an optional, manually installed dependency recommended for advanced formatting and is not automatically downloaded or executed by the skill.
  • [DATA_EXFILTRATION]: While the skill transmits prompt data and potentially credentials (via HTTP Basic Auth) to an external API endpoint, this is restricted to the user-configured SD_WEBUI_URL environment variable. The use of environment variables for authentication is a standard practice for managing secrets and does not constitute unauthorized data exposure.
  • [PROMPT_INJECTION]: The skill exhibits a potential surface for indirect prompt injection as it processes strings from an external API (e.g., model titles, style names). These strings are subsequently used in API requests. However, the risk is mitigated by the use of jq for structured data parsing and the primary use-case of connecting to a user-controlled server.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 05:02 PM
Security Audit — agent-trust-hub — image-generator-sd-webui