lovgame
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill communicates with https://llmapi.lovbrowser.com to fetch generated images, which is the primary purpose of the skill and is clearly documented.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute its bundled scripts/gen_asset.py script, which handles the network requests and file operations using only Python's standard library.
- [DATA_EXFILTRATION]: The skill sends prompts and API tokens to an external gateway. This is the intended behavior as described in the documentation and is necessary for the skill's functionality.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it interpolates user-provided prompts into requests sent to an external API.
- Ingestion points: User input provided to the prompt argument of the generation script.
- Boundary markers: None used; inputs are concatenated with natural language hints.
- Capability inventory: Uses Bash to execute the Python script and Read/Write/Edit to manage image files.
- Sanitization: No specific sanitization or filtering is applied to the user input.
Audit Metadata