image-ai-generator

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
Categories flagged: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill takes user-provided text through the --prompt argument and interpolates it directly into the natural language request sent to the AI model in scripts/generate.py. This creates a surface for prompt injection where a user could potentially influence model behavior or bypass safety filters.
  • [COMMAND_EXECUTION]: The SKILL.md frontmatter defines an invoke command that interpolates the {prompt} variable into a shell command: python3 {skill_path}/scripts/generate.py --prompt "{prompt}". This pattern is vulnerable to command injection if the underlying platform does not properly escape shell metacharacters in the user-supplied prompt string.
  • [EXTERNAL_DOWNLOADS]: The script makes network requests to https://openrouter.ai/api/v1/chat/completions to generate images. This is a legitimate use of a well-known AI service for the skill's primary function.
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface Detection:
      ◦ Ingestion points: User-supplied strings via the --prompt argument and content from JSON files processed via the --batch flag in scripts/generate.py.
      ◦ Boundary markers: Absent. The prompt is concatenated directly into the API request payload without delimiters or instructions to ignore embedded commands.
      ◦ Capability inventory: The skill has the ability to write files to arbitrary local paths (via --output) and perform network operations (OpenRouter API).
      ◦ Sanitization: No validation, escaping, or filtering is performed on the input strings before they are sent to the model or processed by the script.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 11:15 PM