qwen-image

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
  • Indirect Prompt Injection (LOW): The skill processes untrusted user prompts and external API responses without adequate boundary markers or sanitization.
      • Ingestion points: The --prompt CLI argument in generate_image.py and the image_url field returned from the DashScope API response.
      • Boundary markers: Absent; the user input is interpolated directly into the API request payload.
      • Capability inventory: The script generate_image.py performs network requests (requests.post, requests.get) and writes data to the local filesystem (open(..., 'wb')).
      • Sanitization: None; the skill relies on the remote API provider for safety filtering.
  • Data Exposure (LOW): The SKILL.md instructions guide the agent to search for API keys in ~/.openclaw/openclaw.json. This is a sensitive configuration file that typically contains credentials for multiple AI providers. Instructing an agent to read this file increases the risk of credential exposure beyond what is necessary for this specific skill.
  • Security Best Practice Violation (LOW): The generate_image.py script includes a --no-verify-ssl flag that, if enabled, disables SSL certificate verification for image downloads, exposing the process to Man-In-The-Middle (MITM) attacks.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:48 PM