skills/8b-is/8b-is-mp/gemini-imagegen/Gen Agent Trust Hub

gemini-imagegen

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): Path Traversal Vulnerability. The scripts generate_image.py, edit_image.py, and compose_images.py take an output path directly from command-line arguments and pass it to PIL.Image.save() without validation. Evidence: image.save(output_path) in multiple files. Risk: An attacker could overwrite sensitive files (e.g., .bashrc, .ssh/authorized_keys) if the agent is induced to provide a malicious path.
  • [PROMPT_INJECTION] (MEDIUM): Indirect Prompt Injection Surface. The skill accepts free-text instructions that are interpolated directly into the Gemini API request. Ingestion points: prompt and instruction parameters in all Python scripts. Boundary markers: Absent. Capability inventory: File system write operations and network access (Gemini API). Sanitization: Absent. Risk: If the agent processes data from untrusted sources, an attacker could inject instructions to manipulate the image generation process or create deceptive content.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 12:56 PM