Skywork Design
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The authentication script (`scripts/skywork_auth.py`) utilizes `subprocess.Popen` with `shell=True` to open the login URL on Windows platforms. This pattern incorporates the `SKYWORK_WEB_BASE` environment variable into a shell-executed command string, which is a common practice for opening URLs but presents a potential injection vector if the environment is not controlled.
- [DATA_EXFILTRATION]: The skill transmits local image files and user prompts to the official vendor API (`api-tools.skywork.ai`) for processing. This network communication targets the vendor's official infrastructure and is necessary for the core image generation and editing tasks.
- [PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection by accepting untrusted user prompts and processing local images for use with a backend AI model.
  - Ingestion points: User-provided command-line arguments and local image files processed in `scripts/generate_image.py`.
  - Boundary markers: Not present in the script logic to delimit user input or warn the model about embedded instructions.
  - Capability inventory: Network communication with the vendor API and local file system access for reading images and storing authentication tokens.
  - Sanitization: No specific filtering or validation of the prompt text is performed before it is sent to the backend.
Audit Metadata