linkfox-aigc-imagegen
Pass
Audited by Gen Agent Trust Hub on Jul 16, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructions in
SKILL.mdattempt to bypass standard agent autonomy and safety controls by explicitly directing the agent to "prohibit waiting for user confirmation or additional input" before executing the generator script. - [EXTERNAL_DOWNLOADS]: The skill performs external network operations to download content from vendor-controlled domains:
- The
scripts/aigc_imagegen.pyscript downloads generated media files from URLs provided by the API usingurllib.request. - Instructions in
SKILL.mddirect the agent to download and install a zip file containing an additional skill fromhttps://agent-files.linkfox.comif authentication fails. - [COMMAND_EXECUTION]: The skill relies on the execution of a local Python script
scripts/aigc_imagegen.pywhich processes user-supplied prompt data and reference image URLs passed via command-line arguments.
Audit Metadata