skills/countbot-ai/countbot/image-gen/Gen Agent Trust Hub

image-gen

Fail

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: HIGH (CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [CREDENTIALS_UNSAFE]: A hardcoded API token was detected in the configuration file.
      • File: scripts/config.json
      • Evidence: "api_token": "ms-e6148603-7898-41aa-9509-f183687d9a18"
  • [EXTERNAL_DOWNLOADS]: The skill fetches generated images from ModelScope's official API endpoint.
      • File: scripts/generate.py
      • Evidence: urllib.request.urlretrieve(url, output_path)
      • Target: api-inference.modelscope.cn (ModelScope well-known service)
  • [PROMPT_INJECTION]: The skill contains a surface for indirect prompt injection by interpolating user-controlled prompt text into API requests.
      • Ingestion points: User-provided prompt argument in scripts/generate.py
      • Boundary markers: None present to distinguish instructions from untrusted data
      • Capability inventory: Network requests to ModelScope API and file system writes via image downloads
      • Sanitization: No sanitization or validation performed on the prompt input
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 11, 2026, 04:19 PM