get-images
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface by instructing the agent to read local project files and automatically generate prompts based on their content.
- Ingestion points: The agent reads user project files such as Next.js source code, MDX blog posts, and HTML templates to "infer" appropriate image prompts and storage locations (found in SKILL.md and references/workflows.md).
- Boundary markers: The instructions lack specific requirements for using delimiters or adding safety headers when interpolating data from files into the generation tool's prompt.
- Capability inventory: The agent can spend user credits via the getimages_generate_image tool, execute shell commands (curl, python, rm), and modify local project files.
- Sanitization: There are no explicit instructions to sanitize or validate text extracted from the project environment before it is passed to the image generation model.
- [COMMAND_EXECUTION]: The skill uses local shell commands to download and process images.
- Evidence: SKILL.md and references/workflows.md instruct the agent to use curl to download images from signed URLs and python to execute a local optimization script.
- Context: These operations are directly tied to the skill's primary purpose of image generation and optimization. The optimization script (scripts/optimize_for_web.py) uses the standard Pillow library to perform resizing and format conversion.
Audit Metadata