image-gen
Fail
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: SKILL.md instructs the agent to run a Node.js script (scripts/generate.mjs) through its Bash shell tool.
- [REMOTE_CODE_EXECUTION]: The command construction in SKILL.md is susceptible to command injection. It tells the agent to place an "optimized prompt" (derived from user input) directly into a double-quoted shell command:
  node "<skill-path>/scripts/generate.mjs" --prompt "your optimized prompt here"
  A prompt containing shell metacharacters (for example a closing double quote followed by `; <command> #`) terminates the intended argument and appends an attacker-chosen command, which the shell then executes on the host. Neither the script invocation nor the instructions quote, escape or validate the prompt before it reaches the shell.
- [DATA_EXFILTRATION]: Through that command injection an attacker can read sensitive files, including the .env files the skill is designed to search for, and send their contents to an external server.
- [PROMPT_INJECTION]: The skill turns user-supplied and externally sourced text into an image prompt. Because the prompt is interpolated into a shell command without boundary markers, quoting or sanitization, an indirect prompt injection (malicious text in content the agent reads) becomes a system-level command injection: the agent does not need to be talked into running a separate command, only into passing the text along as the prompt.
- [EXTERNAL_DOWNLOADS]: The generate.mjs script performs network operations to generativelanguage.googleapis.com. This is an official Google API endpoint and is considered a safe destination for the skill's own requests. This says nothing about where data goes after a successful command injection, since the attacker then picks the destination.
Recommendations
- AI detected serious security threats
Audit Metadata