linkfox-aigc-imagegen-product

Pass

Audited by Gen Agent Trust Hub on Jul 16, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the subprocess module to coordinate tasks between various internal scripts, such as run_one_task.py and save_brand_gene.py. These calls are used for internal orchestration and to invoke scripts within the skill's own directory.
  • [EXTERNAL_DOWNLOADS]: The code includes functionality to download product images from URLs provided in the imageUrls parameter. This is a core feature required to retrieve assets for image generation. Additionally, the documentation suggests downloading official vendor resources for troubleshooting, which is a standard practice for this ecosystem.
  • [REMOTE_CODE_EXECUTION]: The skill invokes Python scripts located in sibling directories belonging to the same vendor (e.g., linkfox-aigc-textgen and linkfox-aigc-imagegen). This modular approach is an established pattern for delegating AIGC tasks within the Linkfox platform.
  • [PROMPT_INJECTION]: The skill accepts user-supplied text for product selling points and descriptions, which are interpolated into templates for downstream text generation. While this represents an indirect prompt injection surface, the risk is mitigated by the skill's structure and explicit instructions provided to the downstream models to maintain compliance and avoid infringing content.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 16, 2026, 08:08 AM