byted-mediakit-image

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill documentation in reference/shared.md instructs the user or agent to install the @volcengine/mediakit-cli package globally via the NPM registry. This is a vendor-provided tool required for the skill's functionality.
  • [COMMAND_EXECUTION]: All image processing tools (e.g., image-ocr, erase-image, enhance-image) are implemented by executing the mediakit-cli binary through the shell. The SKILL.md frontmatter explicitly requests shell permissions.
  • [DATA_EXFILTRATION]: The skill is designed to send image data (via URLs) and metadata to Volcengine's cloud infrastructure for processing. It also manages authentication via the MEDIAKIT_API_KEY environment variable and stores configuration in ~/.mediakit/config.json.
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection.
      • Ingestion points: Parameters such as image_url, callback_args, client_token, and standard_erase_text accept untrusted external data and are passed through as CLI command arguments.
      • Boundary markers: There are no instructions to use delimiters or to ignore embedded instructions when constructing the shell commands.
      • Capability inventory: The skill can execute shell commands with user-supplied arguments (documented in reference/shared.md and the individual tool files).
      • Sanitization: There are no explicit instructions for the agent to sanitize, escape, or validate user-provided strings before they are interpolated into the shell execution template.
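The sanitization finding above is easiest to see side by side. The block below is an added illustration, not code from the skill or from the audit: the `erase-image` command template and its `--image-url`/`--text` flags are assumptions standing in for whatever mediakit-cli actually takes, the validation rules are the editor's, and `echo` is used as a stand-in binary so the demo runs offline. It contrasts the vulnerable pattern (pasting `image_url` and `standard_erase_text` into one shell line) with the hardened pattern (validated values as separate argv entries, no shell), using a constructed payload that carries a command substitution.

```python
"""Shell-interpolation vs. argv invocation of a CLI wrapper.

Added illustration only: the command template, flag names and the
validation rules are assumptions, not mediakit-cli's real interface.
The demo runs `echo` as a stand-in binary so it works offline.
"""
import subprocess
from urllib.parse import urlparse

MAX_TEXT_LEN = 256


def render_shell_command(binary: str, image_url: str, erase_text: str) -> str:
    """VULNERABLE pattern: untrusted strings pasted into one shell line.

    Anything the shell treats specially ($(...), ;, |, backticks, quotes)
    inside image_url or erase_text is interpreted, not passed through.
    """
    return f"{binary} erase-image --image-url {image_url} --text {erase_text}"


def run_command_unsafe(command_line: str) -> str:
    """Executes the rendered line through /bin/sh (shell=True)."""
    result = subprocess.run(command_line, shell=True, capture_output=True,
                            text=True, check=True)
    return result.stdout.strip()


def validate_image_url(url: str) -> str:
    """Accept only absolute http(s) URLs; reject file://, data:, option-like values."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https") or not parsed.netloc:
        raise ValueError(f"image_url must be an absolute http(s) URL, got {url!r}")
    if url.startswith("-") or any(ch in url for ch in "\x00\r\n"):
        raise ValueError("image_url looks like an option or contains control characters")
    return url


def validate_free_text(value: str) -> str:
    """Free text (e.g. standard_erase_text): bound length, block option/control-char tricks."""
    if not value or len(value) > MAX_TEXT_LEN:
        raise ValueError(f"text must be 1..{MAX_TEXT_LEN} characters")
    if value.startswith("-"):
        raise ValueError("text must not start with '-' (would be parsed as an option)")
    if any(ch in value for ch in "\x00\r\n"):
        raise ValueError("text must not contain control characters")
    return value


def build_argv(binary: str, image_url: str, erase_text: str) -> list[str]:
    """HARDENED pattern: validated values become separate argv entries."""
    return [binary, "erase-image",
            "--image-url", validate_image_url(image_url),
            "--text", validate_free_text(erase_text)]


def run_command_safe(argv: list[str]) -> str:
    """Executes without a shell; each argv element reaches the binary verbatim."""
    result = subprocess.run(argv, shell=False, capture_output=True,
                            text=True, check=True)
    return result.stdout.strip()


if __name__ == "__main__":
    # Constructed payload: plausible erase text that smuggles a command substitution.
    payload = "hello $(echo INJECTED)"
    url = "https://example.com/photo.png"
    print("unsafe:", run_command_unsafe(render_shell_command("echo", url, payload)))
    print("safe:  ", run_command_safe(build_argv("echo", url, payload)))
```

Run it and the unsafe path prints `... --text hello INJECTED` (the shell executed the substitution), while the argv path prints the literal `$(echo INJECTED)` as the binary received it. The leading-dash check matters even without a shell, because a value like `-o/tmp/x` would otherwise be parsed by the CLI as an option; if the real tool supports a `--` end-of-options marker, adding it before the values is a cheaper fix for that case.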
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 06:26 AM
Security Audit — agent-trust-hub — byted-mediakit-image