qwen-edit

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [Command Execution] (MEDIUM): The skill relies on a local CLI tool located at tools/image_edit.py to perform its tasks. Multiple files, including SKILL.md and parameters.md, demonstrate usage where user-controlled parameters (prompts and file paths) are passed directly as command-line arguments. This creates a surface for command injection if the script utilizes unsafe execution methods like os.system or subprocess.run(shell=True) without rigorous sanitization.
  • [Indirect Prompt Injection] (MEDIUM): Vulnerability surface identified. Ingestion points: User-provided image files and prompt strings passed to the image_edit.py tool. Boundary markers: None observed in the prompt templates provided in prompting.md. Capability inventory: Execution of a local Python script with CLI arguments as shown in SKILL.md. Sanitization: None described in documentation. This combination allows external content to influence the arguments of a local command execution.
  • [Data Exposure & Exfiltration] (LOW): The skill documentation indicates interaction with RunPod serverless endpoints. While this is the intended purpose of the skill, it involves sending data (potentially sensitive images) to a non-whitelisted external domain.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 12:36 AM