Skills
skills/meitu/meitu-skills/meitu-image-adapt/Gen Agent Trust Hub

meitu-image-adapt

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes the meitu-cli tool to perform image adaptation and runs a Node.js script (oc-workspace.mjs) for output directory routing and file renaming.
  • [EXTERNAL_DOWNLOADS]: The documentation directs users to install the meitu-cli utility from the public npm registry.
  • [CREDENTIALS_UNSAFE]: Instructions are provided for the user to configure sensitive API credentials (access keys and secret keys) through the CLI's configuration interface.
  • [PROMPT_INJECTION]: The skill accepts external image URLs as input. Although these are passed to a CLI tool for processing rather than a language model prompt, the ingestion of untrusted data represents an attack surface for indirect injection if the processing tool is vulnerable.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 7, 2026, 11:58 PM