flux-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions attempting to bypass safety filters or override agent behavior were detected. The content consists of legitimate prompting techniques for image generation.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file paths, or unauthorized network operations were found. The use of example URLs and official BFL documentation links is benign.
- Obfuscation (SAFE): No malicious obfuscation (Base64, zero-width characters, homoglyphs) was detected. Hex codes are used appropriately for color specification in prompts.
- Remote Code Execution (SAFE): No package installations or remote script executions (e.g., curl | bash) are present. The skill does not contain any executable code.
- Privilege Escalation & Persistence (SAFE): No commands for elevating privileges or establishing persistence were found.
- Indirect Prompt Injection (SAFE): While the skill guides the processing of user data (prompts and image URLs) for model input, it does not introduce any exploitable surfaces within the agent context itself.
Audit Metadata