zimage-skill
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the 'requests' and 'Pillow' packages from the official Python Package Index (PyPI), which are well-known and standard libraries for the skill's stated purpose.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to run a local Python script ('generate.py') to process image generation requests.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by processing untrusted user input as an image generation prompt. Ingestion points: The 'prompt' argument in the execution command defined in SKILL.md. Boundary markers: Usage examples indicate the use of double quotes for the prompt string. Capability inventory: The skill has access to Bash, Write, and Read tools to perform its functions. Sanitization: No specific sanitization or filtering is described in the provided markdown files; the security of the operation relies on the agent's tool-execution guardrails and the underlying implementation of the script.
Audit Metadata