image-generation
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes user-defined prompts for image generation, establishing a surface for indirect prompt injection if input is derived from untrusted sources.
  - Ingestion points: User prompts defined in SKILL.md and SKILL.toon.
  - Boundary markers: Absent from the instruction templates.
  - Capability inventory: Command execution via Bash and file creation via Write tools.
  - Sanitization: No sanitization or validation of the prompt string is performed within the skill logic.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to run commands such as `claude mcp list` and `ask-gemini` to manage the environment and perform image generation. These are typical operational commands for the skill's stated purpose.
Audit Metadata