image-mcp
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed around the execution of the `image-mcp` CLI tool to perform image-related tasks. It includes instructions for running various subcommands such as `create`, `edit`, `login`, and `doctor` to manage the image generation lifecycle.
- [DATA_EXFILTRATION]: The skill documentation notes that local file paths provided to the `image-mcp edit` command are automatically uploaded to the Image MCP service. This is a standard functional requirement for remote image editing services and is clearly documented as part of the workflow.
- [PROMPT_INJECTION]: The skill identifies an indirect prompt injection surface by taking user-provided text and interpolating it into CLI commands (e.g., `image-mcp create "<prompt>"`).
  - Ingestion points: User-provided generation prompts and local file paths/URLs in `SKILL.md` and `references/cli-usage.md`.
  - Boundary markers: The instructions recommend wrapping prompts in double quotes within the CLI commands.
  - Capability inventory: The `image-mcp` CLI tool possesses network communication capabilities and the ability to read local files for uploading.
  - Sanitization: There are no explicit instructions for the agent to sanitize or validate the content of the user prompts before passing them to the CLI.
Audit Metadata