image-editor

Warn

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION] (MEDIUM): The SKILL.md documentation explicitly instructs the agent to set 'safety_tolerance' to '6' for 'maximum creative freedom.' This is a directive to lower or bypass safety filters designed to prevent the generation of harmful or restricted content.
  • [COMMAND_EXECUTION] (MEDIUM): The scripts 'fal_generate.py', 'fal_utils.py', and the 'credentials.example.json' contain relative path references ('../../../') targeting files outside the skill's own directory. This indicates the skill is designed to interact with and potentially execute code from the parent filesystem, breaking the encapsulation of the skill and creating a risk of unauthorized file access or execution.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes untrusted data including external 'image_urls' and user-provided 'prompt' strings.
      • Ingestion points: 'prompt' parameter and 'image_urls' in SKILL.md.
      • Boundary markers: Absent. There are no delimiters or instructions to ignore embedded commands in the processed data.
      • Capability inventory: Uses 'Bash' to execute 'scripts/fal_generate.py' and 'Write' to save image outputs.
      • Sanitization: Absent. No evidence of validation or sanitization for external URLs or prompt contents.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 21, 2026, 08:22 AM