krea-api
Warn
Audited by Gen Agent Trust Hub on Feb 13, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The script executes 'clawdbot config get' via subprocess.run to retrieve credentials. This introduces a runtime dependency on local system tools and potential for escalation if the config key selection were to be externalized.
- [PROMPT_INJECTION] (MEDIUM): The skill is vulnerable to Indirect Prompt Injection (Category 8).
  - Ingestion points: 'prompt' and 'webhook_url' in krea_api.py.
  - Boundary markers: Absent.
  - Capability inventory: network access (urllib.request) and local command execution (subprocess.run).
  - Sanitization: Absent.
- [DATA_EXFILTRATION] (LOW): User-provided prompts are sent to api.krea.ai. This is required for functionality but involves data flow to a non-whitelisted external domain.