pollinations-ai
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes documentation and scripts that demonstrate the execution of shell commands and Python automation for image generation and file management.
- [EXTERNAL_DOWNLOADS]: Fetches image data from the well-known service Pollinations.ai and saves the content to the local filesystem using requests and curl.
- [PROMPT_INJECTION]: Identifies an indirect prompt injection surface within the proposed Multi-Agent Workflow section where generated content is processed by a downstream agent. • Ingestion points: Data enters the agent context through the analysis of the @outputs/ directory. • Boundary markers: No specific delimiters or safety instructions are defined to separate tool-generated output from agent instructions. • Capability inventory: The skill possesses file-writing capabilities and network access via the Python requests library. • Sanitization: No sanitization or validation of the generated image metadata or files is implemented prior to agent analysis.
Audit Metadata