
meitu-ai

Fail

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill interpolates user-controlled inputs (request, image_path, route) directly into a shell command string (python3 scripts/dispatch.py ...). Because that string is handed to a shell rather than passed as an argument vector, any input containing shell metacharacters such as `;`, `|`, `&&`, `$(...)` or backticks terminates the intended command and runs attacker-chosen commands with the agent's privileges.
  • [EXTERNAL_DOWNLOADS]: The installation instructions recommend using pipx install meitu-cli and installing from arbitrary local paths. These sources are not verified or recognized as trusted organizations, posing a risk of executing malicious third-party code.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by processing freeform user requests that influence script execution.
  • Ingestion points: The request parameter in SKILL.md allows arbitrary user input.
  • Boundary markers: None; the skill lacks delimiters or specific instructions to the agent to ignore embedded commands within the request data.
  • Capability inventory: The skill possesses the capability to execute shell commands and access the local file system.
  • Sanitization: No sanitization or escaping of the user input is performed before it is passed to the shell environment.
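The command-execution finding above is easiest to see side by side with the fix. The following is an added example written for this page, not code from the meitu-ai skill or from Gen Agent Trust Hub: the `--route`/`--image`/`--request` flags of `scripts/dispatch.py`, the allowed route names and the image sandbox directory are all assumptions, and the live run uses `echo` as a stand-in for the dispatcher so it executes offline. It tokenizes the interpolated string the way `sh` would to show where the injected command starts, then builds the same invocation as an argv list with validated inputs, and finally runs both forms to show the difference in behaviour.

```python
"""Shell-injection demo for a skill that interpolates user input into a command string.

Added example for this audit page; the dispatcher's argument contract, the route
allowlist and the image sandbox directory are assumptions, not the skill's real code.
"""
import shlex
import subprocess
from pathlib import Path

DISPATCH = ["python3", "scripts/dispatch.py"]            # assumed dispatcher invocation
ALLOWED_ROUTES = {"enhance", "retouch", "background"}    # assumed route names
IMAGE_SUFFIXES = {".png", ".jpg", ".jpeg", ".webp"}
IMAGE_ROOT = Path.cwd().resolve()                        # assumed sandbox for input images
SHELL_OPERATORS = {";", "|", "||", "&", "&&"}


def vulnerable_command(request: str, image_path: str, route: str) -> str:
    """The pattern the audit describes: raw interpolation into one shell string."""
    return f'{" ".join(DISPATCH)} --route {route} --image {image_path} --request "{request}"'


def injected_commands(cmd: str) -> list[list[str]]:
    """Split a shell string into the separate commands sh would run.

    shlex with punctuation_chars=True emits ';', '|', '&&' etc. as their own tokens,
    so we can show the injection without executing anything.
    """
    lex = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    commands, current = [], []
    for tok in lex:
        if tok in SHELL_OPERATORS:
            commands.append(current)
            current = []
        else:
            current.append(tok)
    commands.append(current)
    return commands


def safe_argv(request: str, image_path: str, route: str) -> list[str]:
    """Hardened form: validate each input, then build an argv list (no shell involved).

    An argv list stops shell injection; it does not make the freeform request text
    safe for whatever consumes it downstream (see the PROMPT_INJECTION finding).
    """
    if route not in ALLOWED_ROUTES:
        raise ValueError(f"route not in allowlist: {route!r}")
    resolved = (IMAGE_ROOT / image_path).resolve()
    if not resolved.is_relative_to(IMAGE_ROOT):
        raise ValueError(f"image path escapes sandbox: {image_path!r}")
    if resolved.suffix.lower() not in IMAGE_SUFFIXES:
        raise ValueError(f"not an image file name: {image_path!r}")
    if len(request) > 2000 or any(ord(c) < 0x20 for c in request):
        raise ValueError("request too long or contains control characters")
    return [*DISPATCH, "--route", route, "--image", str(resolved), "--request", request]


def run_echo_demo(image_path: str = "a.png; echo INJECTED", route: str = "enhance") -> tuple[str, str]:
    """Execute both styles with echo standing in for the dispatcher; returns (vulnerable, safe) stdout."""
    vulnerable = subprocess.run(
        f"echo route={route} image={image_path}", shell=True,      # sh parses the ';'
        capture_output=True, text=True, check=True).stdout
    safe = subprocess.run(
        ["echo", f"route={route}", f"image={image_path}"],          # one literal argument
        capture_output=True, text=True, check=True).stdout
    return vulnerable, safe


if __name__ == "__main__":
    cmd = vulnerable_command("make it brighter", "a.png; touch /tmp/pwned", "enhance")
    for i, part in enumerate(injected_commands(cmd)):
        print(f"command {i}: {part}")
    print("safe argv:", safe_argv("make it brighter", "a.png", "enhance"))
    vuln_out, safe_out = run_echo_demo()
    print("shell=True  ->", vuln_out.splitlines())
    print("argv list   ->", safe_out.splitlines())
```

Running it shows the interpolated string splitting into two commands at the `;` inside `image_path`, with `touch /tmp/pwned` as the second, while the same value passed through `safe_argv` is rejected by the suffix check and, even if it reached the dispatcher, would arrive as a single literal argument. The `echo` run makes the same point at runtime: `shell=True` prints `INJECTED` on its own line, the argv form prints the text verbatim.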
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 23, 2026, 08:48 AM