image-generation
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill uses instructional markers like "MANDATORY" and "CRITICAL" in its documentation to direct the agent's behavior regarding file destination handling and the inclusion of specific layout instructions for RTL languages. These are implemented as operational guidelines for intended functionality rather than security bypasses.
- [COMMAND_EXECUTION]: The skill executes local TypeScript scripts using `npx tsx` to perform media generation, file system operations, and API communication.
- [EXTERNAL_DOWNLOADS]: The scripts download generated image and video content from the official endpoints of well-known services (fal.ai and x.ai) to the user's local filesystem.
- [DATA_EXFILTRATION]: Local image files specified by the user as reference assets are uploaded to Google and fal.ai servers for processing, which is the primary purpose of the image editing features.
- [INDIRECT_PROMPT_INJECTION]: The skill has a vulnerability surface where user-supplied prompts are interpolated into external API calls.
  - Ingestion points: User-provided text prompts and local file paths provided via command-line arguments to `generate_poster.ts` and `generate_video.ts`.
  - Boundary markers: None identified; prompt strings are sent directly to the model APIs.
  - Capability inventory: The scripts have permissions to write files to the disk and initiate network connections to generation providers.
  - Sanitization: There is no evidence of input sanitization or filtering of the prompt text prior to transmission.
Audit Metadata