zimage-skill
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's documentation directs users to install the tool from a third-party GitHub repository (https://github.com/yizhiyanhua-ai/zimage-skill). This source is not part of the trusted vendors list and is not the official repository for the ModelScope service.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute its core Python script (generate.py) and to install necessary Python dependencies via pip.
- [CREDENTIALS_UNSAFE]: The skill relies on an API key (MODELSCOPE_API_KEY) and instructs users to store it in environment variables or configuration files, which are then read by the skill's scripts.
- [PROMPT_INJECTION]: The skill processes user-provided natural language to generate images, creating a surface for indirect prompt injection if the agent is instructed to use this skill on untrusted external content.
  - Ingestion points: User prompts passed as arguments to the generate.py script.
  - Boundary markers: There are no explicit delimiters or instructions defined to prevent the agent from interpreting instructions embedded within the user prompt.
  - Capability inventory: The skill possesses Bash (execution), Write (saving images), and Read (configuration access) capabilities.
  - Sanitization: No input validation or sanitization mechanisms are described in the provided skill definition.
Audit Metadata