Skills
skills/cklxx/elephant.ai/image-creation/Gen Agent Trust Hub

image-creation

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Downloads generated image data from the Volcengine ARK API via the _extract_image_bytes function using standard Python HTTP libraries. The downloads target a well-known service endpoint.
  • [DATA_EXFILTRATION]: The refine operation reads local file data from a user-specified image_path and transmits it as a base64-encoded payload to the Volcengine API. This is the intended behavior for image-to-image processing.
  • [COMMAND_EXECUTION]: The skill requires the bash and write tools to execute its logic and save generated files. It uses Path.write_bytes to persist images to the local filesystem, defaulting to the /tmp directory.
  • [PROMPT_INJECTION]: The skill provides a surface for processing untrusted data.
  • Ingestion points: Ingests local files via the image_path argument in the refine function and natural language instructions via the prompt argument (run.py).
  • Boundary markers: No delimiters or instructions to ignore embedded content are present when passing data to the API.
  • Capability inventory: Includes network access to Volcengine endpoints and file system write access (run.py).
  • Sanitization: Validates image dimensions and basic types, but does not perform content validation or sanitization on input files or prompt text before transmission.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 13, 2026, 11:52 AM