generate-images
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using
uv runwith user-provided text as arguments. Specifically, prompts for image generation and instructions for editing are interpolated into a command string. The lack of guidance for sanitizing or escaping these inputs presents a risk of command injection, where a user could potentially execute arbitrary system commands by including shell metacharacters in their request. - [DATA_EXFILTRATION]: The skill identifies and accesses sensitive file paths on the local system. It explicitly references
~/.claude/settings.jsonfor API key verification and searches the~/.claude/images/directory for personal reference images. Accessing these specific paths involving credentials and personal data constitutes an exposure risk, although the operations are intended for the skill's primary functionality.
Audit Metadata