Skills
skills/meitu/meitu-skills/meitu-cutout/Gen Agent Trust Hub

meitu-cutout

Warn

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill constructs shell commands using user-supplied inputs, such as file paths or URLs, within the meitu image-cutout --image {image_url_or_path} command. If a user provides input containing shell metacharacters (e.g., ; rm -rf /), it could lead to arbitrary command execution on the host environment.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of meitu-cli via a package manager. This tool is necessary for the skill's operation and is provided by the identified vendor.
  • [CREDENTIALS_UNSAFE]: The skill provides instructions for the agent to guide users in configuring API credentials (OPENAPI_ACCESS_KEY, OPENAPI_SECRET_KEY). This is a standard configuration procedure for the associated service and does not involve hardcoded secrets within the skill files.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 7, 2026, 11:58 PM