image-gen
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to use `curl` to download the generated image. This is a standard and safe operation as it targets the output URL generated by the trusted ModelScope API.
- [COMMAND_EXECUTION]: The skill requires the execution of a local script (`./generate.mjs`) to interact with the API. The script is part of the skill's own package and performs standard HTTP requests to ModelScope's infrastructure.
- [CREDENTIALS_UNSAFE]: The script properly handles authentication by retrieving the `MODELSCOPE_API_KEY` from an environment variable rather than hardcoding it, which is a recommended security practice.
- [DATA_EXFILTRATION]: Network operations are restricted to `api-inference.modelscope.cn`, which is the official endpoint for the ModelScope service, a well-known AI platform.
Audit Metadata