eachlabs-image-generation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure] (SAFE): The skill correctly uses an environment variable (EACHLABS_API_KEY) for authentication instead of hardcoding secrets. No exposure of sensitive local files was detected.
- [Remote Code Execution] (SAFE): No patterns for remote code execution or piped shell commands were found. The skill uses standard API calls for its functionality.
- [Prompt Injection] (SAFE): No malicious instructions aimed at overriding agent behavior or bypassing safety filters were identified.
- [Indirect Prompt Injection] (SAFE): While the skill ingests user-provided prompts, it is for the primary purpose of image generation. The skill documentation includes specific security constraints regarding input validation and URL loading to mitigate common injection risks.
- [Persistence & Privilege Escalation] (SAFE): No attempts to modify system files, startup scripts, or escalate privileges were found.
Audit Metadata