ikuncode-image-gen
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill's primary functionality in scripts/generate_image.js involves reading local files and sending their Base64-encoded content to the external domain api.ikuncode.cc. While intended for image processing, this capability could be misused to transmit sensitive local files.
- [DATA_EXFILTRATION]: The generate_image.js script includes an --api-base parameter that allows the user or a malicious prompt to redirect the file data and API requests to an arbitrary, attacker-controlled server.
- [COMMAND_EXECUTION]: The skill relies on the execution of a Node.js script to perform file system operations and network requests, which are triggered by the agent through shell command invocation.
Audit Metadata