og-image-design

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the belt command-line interface to authenticate users and execute image generation tasks.
  • [EXTERNAL_DOWNLOADS]: The skill references external installation documentation for the belt CLI hosted on GitHub at https://raw.githubusercontent.com/inference-sh/skills/refs/heads/main/cli-install.md.
  • [REMOTE_CODE_EXECUTION]: The skill triggers the execution of remote applications and models (e.g., html-to-image, flux-dev-lora) via the belt platform.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8) where untrusted input could influence image generation.
      • Ingestion points: Untrusted content can be introduced via the HTML and prompt strings passed to the belt app run command.
      • Boundary markers: No delimiters or instructions to ignore embedded commands are included in the command templates.
      • Capability inventory: The skill executes shell commands to interact with image generation services on the inference.sh platform.
      • Sanitization: The skill does not perform sanitization or escaping of user-provided content before interpolation into the CLI commands.
Audit Metadata
Risk Level: SAFE
Analyzed: May 5, 2026, 06:35 PM