linkfox-aigc-imagegen

Pass

Audited by Gen Agent Trust Hub on Jul 16, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill instructions in SKILL.md attempt to bypass standard agent autonomy and safety controls by explicitly directing the agent to "prohibit waiting for user confirmation or additional input" before executing the generator script.
  • [EXTERNAL_DOWNLOADS]: The skill performs external network operations to download content from vendor-controlled domains:
  • The scripts/aigc_imagegen.py script downloads generated media files from URLs provided by the API using urllib.request.
  • Instructions in SKILL.md direct the agent to download and install a zip file containing an additional skill from https://agent-files.linkfox.com if authentication fails.
  • [COMMAND_EXECUTION]: The skill relies on the execution of a local Python script scripts/aigc_imagegen.py which processes user-supplied prompt data and reference image URLs passed via command-line arguments.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 16, 2026, 08:08 AM