image-to-3d

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE
PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by accepting unvalidated file paths that are subsequently read or written to by the system.
      • Ingestion points: The imagePath and outputPath parameters in the generate_3d_model tool within mcp.js and the CLI wrapper in bin/cli.js.
      • Boundary markers: Absent. There are no delimiters or instructions provided to the agent to ignore potentially malicious content within processed files.
      • Capability inventory: The skill utilizes fs.readFileSync and fs.writeFileSync for file operations, and axios.post for network transmission within index.js.
      • Sanitization: Absent. The implementation does not perform path validation, extension checking, or directory restriction, allowing access to any file the process has permissions for.
  • [DATA_EXFILTRATION]: The skill's architecture allows for the reading of local files and their transmission to a configurable network endpoint.
      • In index.js, the encodeImage method reads the file at the provided imagePath into a buffer and converts it to base64.
      • The generateModel method then transmits this data via a POST request to the configured baseUrl.
      • While the default endpoint is localhost, the ability to override this via environment variables or CLI flags enables the potential exfiltration of data to external servers if the agent is misdirected.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 9, 2026, 07:25 AM