beaver-image-gen
Warn
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell command execution to interact with Google APIs when a proxy is detected.
- Evidence: In
scripts/providers/google.ts, thepostGoogleJsonViaCurlfunction usesexecSyncto run acurlcommand. The command string is constructed using environment variables (HTTPS_PROXY,ALL_PROXY, etc.) without sanitization. If these variables contain shell metacharacters or quotes, it could lead to arbitrary command execution. - [EXTERNAL_DOWNLOADS]: The skill communicates with several external AI service providers to generate and retrieve image data.
- Evidence: The scripts make network requests to official endpoints for Google Gemini, OpenAI, Alibaba DashScope, and Replicate. These are well-known technology services used for their intended purpose in this skill.
- [CREDENTIALS_UNSAFE]: The skill is configured to load API credentials from local environment files.
- Evidence:
scripts/main.tsincludes aloadEnvfunction that reads.envfiles from the current project directory (.beaver-skill/.env) and the user's home directory (~/.beaver-skill/.env) to populate process environment variables with API keys. - [PROMPT_INJECTION]: The skill processes external data that could contain indirect prompt injections.
- Evidence: The skill ingests untrusted data via
--promptfilesand--refparameters. While it stringifies this data for JSON API payloads, it lacks explicit boundary markers or sanitization to prevent the generated image models from following instructions embedded in the provided text or image metadata.
Audit Metadata