image-edit-skill

Pass

Audited by Gen Agent Trust Hub on Jun 28, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the image editing description provided by the user.
  • Ingestion points: The editDescription parameter, provided by the user via the editImage API, is used in the cloudfunctions/image-edit-handler/ai/edit.js file.
  • Boundary markers: There are no markers or delimiters used to separate user instructions from the system prompt template. The code concatenates user input directly: `基于以下编辑要求修改图片内容:${editDescription}。保持原图主要内容不变。`.
  • Capability inventory: The skill's backend has the ability to fetch data from arbitrary URLs via https.get and store files in cloud storage using cloud.uploadFile.
  • Sanitization: The skill does not sanitize or validate the user's input before including it in the prompt, relying on the model's own filters.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 28, 2026, 01:40 PM
Security Audit — agent-trust-hub — image-edit-skill