world-labs-image-prompt
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill includes Bash (curl) and Python code snippets for interacting with an external API. These are standard integration examples for the intended functionality.
- [CREDENTIALS_UNSAFE] (SAFE): No hardcoded secrets were found. The documentation correctly uses placeholders like 'YOUR_API_KEY' for authentication headers.
- [DATA_EXFILTRATION] (SAFE): Network operations are directed towards official service endpoints (api.worldlabs.ai) and reputable cloud storage (storage.googleapis.com). No evidence of sensitive data harvesting was detected.
- [REMOTE_CODE_EXECUTION] (SAFE): The code provided is static documentation. It does not perform dynamic code execution or download scripts for immediate execution.
- [PROMPT_INJECTION] (LOW): The skill includes a 'text_prompt' field which is a standard interface for image generation. While it represents a surface for user-controlled input, it is consistent with the primary purpose of the tool.
Audit Metadata