gemini-image
Warn
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill instructions in references/image-upload.md direct the agent to upload local image files to third-party hosting services like catbox.moe and litterbox.catbox.moe. This results in local user data being transmitted to external infrastructure.
- [COMMAND_EXECUTION]: In SKILL.md, user-provided prompt text from $ARGUMENTS is interpolated directly into a curl command executed via the Bash tool. The lack of escaping or sanitization for shell-sensitive characters in the user input allows for potential command injection attacks.
- [EXTERNAL_DOWNLOADS]: The skill uses external file-hosting services (catbox.moe) to facilitate image generation tasks. These services are public and represent a risk to data privacy as files are uploaded to servers outside the control of the user or the primary service provider.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface.
  1. Ingestion point: User prompt via $ARGUMENTS in SKILL.md.
  2. Boundary markers: Absent.
  3. Capability inventory: Bash(curl) tool execution.
  4. Sanitization: Absent.
  The untrusted input is interpolated into sensitive tool calls with no delimiters or escaping that would prevent malicious instructions from influencing the command execution environment.