zimage-skill
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONNO_CODE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions direct the agent to perform an installation from an external GitHub repository (
https://github.com/yizhiyanhua-ai/zimage-skill) which is not part of the trusted vendor list, representing an unverified third-party code source. - [COMMAND_EXECUTION]: The skill is configured to execute a Python script (
generate.py) through the Bash tool using user-provided natural language prompts as command-line arguments. - [NO_CODE]: The main executable script (
generate.py) that handles API requests and image generation is missing from the analyzed files, making it impossible to verify how the skill handles the ModelScope API key or user data.
Audit Metadata