image-generation
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the "Bash" tool to execute its core functionality via "uv run" commands. The "generate" command accepts a "prompt" argument sourced from user input. This creates a risk of command injection if the agent fails to sanitize or escape shell metacharacters when constructing the command line for execution.
- [DATA_EXFILTRATION]: The implementation in "scripts/imggen/provider.py" automatically downloads image data from URLs provided in the response from external APIs. This behavior could be exploited by a malicious API provider to perform Server-Side Request Forgery (SSRF) or to track the agent's activity.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted user data without sufficient safeguards.
  - Ingestion points: The "prompt" argument in "SKILL.md" and the "prompt" parameter in "scripts/imggen/cli.py".
  - Boundary markers: Absent; the instructions do not employ delimiters or warnings to ignore instructions embedded within the user's prompt.
  - Capability inventory: Uses the "Bash" tool for script execution, performs network operations via "httpx", and writes files to the local system in "scripts/imggen/provider.py".
  - Sanitization: Absent; the input prompt is passed directly to command-line arguments and API requests without validation or escaping.
Audit Metadata