image-edit-skill
Pass
Audited by Gen Agent Trust Hub on Jun 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the image editing description provided by the user.
- Ingestion points: The
editDescriptionparameter, provided by the user via theeditImageAPI, is used in thecloudfunctions/image-edit-handler/ai/edit.jsfile. - Boundary markers: There are no markers or delimiters used to separate user instructions from the system prompt template. The code concatenates user input directly:
`基于以下编辑要求修改图片内容:${editDescription}。保持原图主要内容不变。`. - Capability inventory: The skill's backend has the ability to fetch data from arbitrary URLs via
https.getand store files in cloud storage usingcloud.uploadFile. - Sanitization: The skill does not sanitize or validate the user's input before including it in the prompt, relying on the model's own filters.
Audit Metadata