skills/b-open-io/gemskills/edit-image/Gen Agent Trust Hub

edit-image

Warn

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: MEDIUM
Categories: REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [DYNAMIC_EXECUTION]: The script scripts/edit.ts uses dynamic import() to load dependencies from paths calculated at runtime. It attempts to locate the plugin root by checking process.env.GEMSKILLS_ROOT and searching through .claude/plugins/installed_plugins.json and cache directories. Dynamic loading from non-static paths is a notable execution surface.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The script scripts/edit.ts reads the content of ~/.claude/plugins/installed_plugins.json and lists directories in ~/.claude/plugins/cache/ to resolve paths. Accessing hidden configuration files in the user's home directory is a sensitive operation.
  • [INDIRECT_PROMPT_INJECTION]: The skill incorporates user-provided text into model prompts without sanitization, creating a surface for indirect prompt injection.
      • Ingestion points: The prompt and inputPath (image path) parameters in scripts/edit.ts.
      • Boundary markers: None identified; user input is passed directly to utility functions.
      • Capability inventory: The script can write files to the local disk via the saveImage function in scripts/edit.ts.
      • Sanitization: No validation or escaping is applied to the input text before processing.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 10, 2026, 04:02 AM