image-generation
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads generated images from remote URLs provided by the API response using Python's `urllib.request.urlopen`. This is a standard requirement for image providers that return signed URLs (like Flux or OpenAI), but it relies on the integrity of the vendor's API response.
- [COMMAND_EXECUTION]: The skill executes shell commands (`curl`) to interact with the Letta API and runs an inline Python script to process the resulting JSON data and handle image storage. These operations are performed within the agent's execution environment.
- [PROMPT_INJECTION]: The skill exhibits an indirect injection surface when processing data from the external image generation API:
  - Ingestion points: Data is ingested from the `image-response.json` file, which contains the output of the `POST /v1/images/generations` API call.
  - Boundary markers: No explicit delimiters or boundary markers are used when parsing the API response.
  - Capability inventory: The skill possesses the ability to read from network/local URLs (`urllib.request.urlopen`) and write files to the local system (`open(..., "wb")`).
  - Sanitization: The provided Python script does not validate the URL scheme or domain of the `image["url"]` field before opening it. If the API response were compromised or manipulated, this could lead to SSRF or access to local files via the `file://` scheme.
Audit Metadata