Skills
skills/picsart/gen-ai-skills/product-photo-studio/Gen Agent Trust Hub

product-photo-studio

Pass

Audited by Gen Agent Trust Hub on Jun 25, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides an installation command for the Picsart gen-ai CLI that fetches a script from the vendor's official domain: https://picsart.com/gen-ai-cli/install.sh. This is a standard deployment method for the toolset described.
  • [COMMAND_EXECUTION]: The skill makes extensive use of the gen-ai CLI tool to perform authentication (gen-ai login), image generation (gen-ai generate), and batch processing (gen-ai batch). It also uses shell utilities like curl, jq, and ls for environment setup and output verification.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process external data which could potentially contain malicious instructions.
  • Ingestion points: User-provided image paths, text prompts, and structured manifest files (catalog.json, manifest.json) across all mode reference files.
  • Boundary markers: The skill uses command-line arguments (e.g., -p "<prompt>") to pass user input to the underlying CLI tool.
  • Capability inventory: The skill executes shell commands, performs network authentication, and manages local files through the gen-ai CLI and standard Unix utilities.
  • Sanitization: The provided instructions do not specify explicit sanitization or validation of the input strings before they are passed to the CLI tool.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 25, 2026, 12:52 AM
Security Audit — agent-trust-hub — product-photo-studio