cola-avatar-pack
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python scripts and shell commands to manage its environment and process images. These commands are well-guarded; for example, user-provided names are validated against a strict regular expression to prevent command injection. Subprocess calls in the Python script use argument lists rather than shell strings, preventing shell-level exploits.
- [DATA_EXFILTRATION]: No sensitive information is transmitted to external servers. Network activity is restricted to downloading image assets generated by the agent's internal tools and installing standard dependencies from official registries.
- [PROMPT_INJECTION]: Instructions for building image prompts incorporate user data (like names and personality traits) only after sanitization. The skill includes explicit checks to prevent the injection of shell meta-characters or path traversal sequences into the generation pipeline.
- [EXTERNAL_DOWNLOADS]: The skill manages dependencies like Pillow and rembg through standard package managers. Image downloads are directed to URLs generated by the agent's own image generation capabilities.
Audit Metadata