ai-image-generation

Pass

Audited by Gen Agent Trust Hub on May 29, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the belt CLI tool (via Bash) to perform tasks such as user authentication (belt login) and executing image generation applications. These commands are run in the local environment to interact with the inference.sh platform.
  • [EXTERNAL_DOWNLOADS]: The skill references external resources for setup and documentation, including installation instructions hosted on GitHub (raw.githubusercontent.com/inference-sh/skills/) and the vendor's domain (inference.sh). It also recommends installing additional skill components using the npx skills add command.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) where untrusted data is processed:
    • Ingestion points: User-provided image prompts are accepted and interpolated into various shell command examples (e.g., belt app run ... --input '{"prompt": "<user_prompt>"}').
    • Boundary markers: The instructions wrap the JSON input in single quotes; a single quote inside the user prompt terminates that quoted string, so whatever follows is parsed by the shell as further arguments or commands rather than as prompt text (a double quote likewise breaks out of the JSON string value).
    • Capability inventory: The skill has access to the Bash tool to execute the belt CLI.
    • Sanitization: There are no instructions or automated steps to escape user-provided text (for the shell and for JSON) before it is inserted into the command string, creating a potential command injection vector.
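The following is an added example, not code from the skill, from the audit, or from inference.sh. It reproduces the quoting problem described in the PROMPT_INJECTION finding and shows two hardened ways to build the same command line. It never invokes belt: Python's shlex is used to tokenize each command line the way a POSIX shell would, so the breakout is visible offline. The app reference `example/app`, the function names, and the malicious prompt are constructed placeholders (the audited page elides the real app reference as "...").

```python
"""Demonstrates the single-quote breakout flagged in the audit and two fixes.
Added example; belt is never executed, shlex stands in for the shell parser."""
import json
import shlex
from typing import List

# Hypothetical app reference; the audited page elides the real value as "...".
APP_REF = "example/app"

# Constructed malicious prompt: the first ' closes the quoted JSON argument, the
# shell then sees two further commands, and the trailing ' reopens a quote so
# the remainder of the original command line still parses.
MALICIOUS_PROMPT = "a cat'; touch /tmp/pwned; echo '"


def naive_command(prompt: str) -> str:
    """The pattern the audit flags: the prompt is interpolated verbatim into a
    single-quoted JSON string on a Bash command line."""
    return f"belt app run {APP_REF} --input '{{\"prompt\": \"{prompt}\"}}'"


def quoted_command(prompt: str) -> str:
    """Hardened string form: json.dumps escapes quotes and backslashes for JSON,
    then shlex.quote wraps the whole document so Bash treats it as one word."""
    payload = json.dumps({"prompt": prompt})
    return f"belt app run {APP_REF} --input {shlex.quote(payload)}"


def argv_command(prompt: str) -> List[str]:
    """Preferred form: build argv directly and hand it to subprocess.run(argv)
    (no shell=True); with no shell parsing step there is nothing to escape for."""
    return ["belt", "app", "run", APP_REF, "--input", json.dumps({"prompt": prompt})]


def shell_words(cmdline: str) -> List[str]:
    """Tokenize like a POSIX shell: quotes group words and ';' is its own token."""
    lex = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    return list(lex)


def prompt_survives(cmdline: str, prompt: str) -> bool:
    """True when the shell sees exactly one --input word (6 words in total, no
    ';' separator) and that word parses back to the intended JSON object."""
    words = shell_words(cmdline)
    if ";" in words or len(words) != 6:
        return False
    try:
        return json.loads(words[5]) == {"prompt": prompt}
    except json.JSONDecodeError:
        return False


if __name__ == "__main__":
    # 'touch' and ';' show up as separate shell words in the naive form only.
    print(shell_words(naive_command(MALICIOUS_PROMPT)))
    print(shell_words(quoted_command(MALICIOUS_PROMPT)))
    print(argv_command(MALICIOUS_PROMPT))
```

Note that `prompt_survives(naive_command("a plain prompt"), "a plain prompt")` is true: the naive template works for benign prompts, which is why this class of bug passes casual testing. Of the two fixes, the argv form is the one to prefer when the agent can call a subprocess API directly; the shlex.quote form is for cases where the command really has to be handed to Bash as a single string.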
Audit Metadata
Risk Level: SAFE
Analyzed: May 29, 2026, 03:58 AM
Security Audit — agent-trust-hub — ai-image-generation