together-images
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill facilitates legitimate image generation tasks using the official Together AI SDK and well-known platform resources.
- [EXTERNAL_DOWNLOADS]: Fetches image assets and LoRA adapters from well-known and trusted domains including Together AI, Hugging Face, Pixabay, and Pexels.
- [COMMAND_EXECUTION]: Contains scripts that write generated image data to the local file system using standard file operations. This behavior is essential for the skill's functionality and is restricted to image output.
- [PROMPT_INJECTION]: The skill defines a processing surface for user-supplied prompts and image URLs (Category 8: Indirect Prompt Injection). 1. Ingestion points: User prompts and image URLs processed in
scripts/generate_image.pyandscripts/kontext_editing.py. 2. Boundary markers: Absent; instructions do not explicitly frame external inputs with protective delimiters. 3. Capability inventory: Local file writing and network requests via standard libraries. 4. Sanitization: Scripts do not implement explicit input sanitization for file paths, relying on standard library behavior.
Audit Metadata