image-generation

Pass

Audited by Gen Agent Trust Hub on May 28, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the postplus CLI tool for system health checks (doctor) and workflow management (quote confirm). These commands are consistent with the vendor's provided environment and the skill's stated purpose.
  • [SAFE]: No malicious obfuscation, data exfiltration, or unauthorized remote code execution patterns were identified in the instructions.
  • [PROMPT_INJECTION]: The skill processes user-supplied data such as image prompts, product URLs, and descriptions. While this creates a surface for indirect prompt injection where malicious instructions could be embedded in the input data, the skill functions as a router and classifier without direct execution of that data.
  • Ingestion points: User prompts, product URLs, product facts (referenced in SKILL.md logic).
  • Boundary markers: Absent.
  • Capability inventory: Call to postplus CLI tool, handoff to image-batch-runner and other skills.
  • Sanitization: Not explicitly mentioned in instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
May 28, 2026, 04:13 AM
Security Audit — agent-trust-hub — image-generation