image-generation
Pass
Audited by Gen Agent Trust Hub on May 28, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
postplusCLI tool for system health checks (doctor) and workflow management (quote confirm). These commands are consistent with the vendor's provided environment and the skill's stated purpose. - [SAFE]: No malicious obfuscation, data exfiltration, or unauthorized remote code execution patterns were identified in the instructions.
- [PROMPT_INJECTION]: The skill processes user-supplied data such as image prompts, product URLs, and descriptions. While this creates a surface for indirect prompt injection where malicious instructions could be embedded in the input data, the skill functions as a router and classifier without direct execution of that data.
- Ingestion points: User prompts, product URLs, product facts (referenced in
SKILL.mdlogic). - Boundary markers: Absent.
- Capability inventory: Call to
postplusCLI tool, handoff toimage-batch-runnerand other skills. - Sanitization: Not explicitly mentioned in instructions.
Audit Metadata