Skills
skills/bytedance/agentkit-samples/image-generate/Gen Agent Trust Hub

image-generate

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The script scripts/image_generate.py downloads generated image files from remote URLs provided by the API. These URLs resolve to ByteDance's trusted infrastructure (volces.com).
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes untrusted user input.
  • Ingestion points: User-provided text descriptions (prompt) and external reference image URLs (image) passed via the tasks parameter.
  • Boundary markers: No specific delimiters or 'ignore' instructions are applied to these inputs before they are transmitted to the backend API.
  • Capability inventory: The implementation script performs network POST requests to the generation API, network GET requests to download images, and writes binary data to the local filesystem.
  • Sanitization: No validation or sanitization is performed on the input prompts or the URLs before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 5, 2026, 08:07 PM