Skills
skills/cloudai-x/world-labs-skills/world-labs-multi-image/Gen Agent Trust Hub

world-labs-multi-image

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW
Full Analysis
  • SAFE (SAFE): No malicious patterns, obfuscation, or unauthorized access attempts were detected. The skill is purely documentation for integrating with the World Labs 3D generation API.\n- INDIRECT_PROMPT_INJECTION (INFO): The skill ingests external image URIs and text prompts for world generation.\n
  • Ingestion points: uri field in the API payload and text_prompt parameter in the Python script.\n
  • Boundary markers: None used in the examples.\n
  • Capability inventory: Uses requests for API calls and file uploads; specifies Bash and WebFetch as allowed tools.\n
  • Sanitization: Standard API input parameters; the skill does not interpret these as local instructions.\n
  • Analysis: The ingestion surface is inherent to the 3D generation functionality and poses no risk to the host agent as inputs are passed directly to the third-party API service.
Audit Metadata
Risk Level
LOW
Analyzed
Feb 16, 2026, 10:28 AM