eachlabs-product-visuals
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONNO_CODE
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill documentation describes network operations to api.eachlabs.ai, which is not among the pre-approved whitelisted domains.
- PROMPT_INJECTION (LOW): Surface for indirect prompt injection detected as the skill processes user-supplied prompts and image URLs. Evidence Chain: (1) Ingestion points: untrusted data enters via 'prompt' and 'image_urls' fields in the prediction request body; (2) Boundary markers: Absent; (3) Capability inventory: Network operations via curl to an external API; (4) Sanitization: No sanitization steps for user input are described in the documentation.
- CREDENTIALS_UNSAFE (SAFE): No hardcoded secrets were found; the skill correctly instructs the use of environment variables (EACHLABS_API_KEY) for authentication.
Audit Metadata