image-generation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill depends on 'z-ai-web-dev-sdk', an untrusted package. Automated scans detected a blacklisted malicious URL ('this.ca') associated with the skill's components, indicating a significant risk of malware or supply chain attack.
- [COMMAND_EXECUTION] (MEDIUM): The use of 'fs.writeFileSync' with an unsanitized 'outFile' parameter allows for path traversal. This could permit an attacker to overwrite arbitrary files on the local system if they can control the destination path.
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata