Skills
skills/eachlabs/skills/eye-color-changer/Gen Agent Trust Hub

eye-color-changer

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill documentation provides numerous curl command templates to demonstrate how to interact with the each::sense API endpoint at https://sense.eachlabs.run/chat. These examples include the use of session IDs for iterative editing and various processing modes.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the processing of external images by sending user-provided URLs to the vendor's API. The provided documentation in references/SSE-EVENTS.md also indicates that generated outputs are hosted on the vendor's storage infrastructure at storage.eachlabs.ai.
  • [PROMPT_INJECTION]: The skill represents an indirect prompt injection surface as it processes external data (images and user messages) through an AI model.
  • Ingestion points: External data enters the context via the image_urls and message fields in the API requests defined in SKILL.md.
  • Boundary markers: There are no explicit boundary markers or instructions to ignore potential commands embedded within the input data mentioned in the documentation.
  • Capability inventory: The skill's core capability is executing image manipulation requests against an external AI service.
  • Sanitization: No specific sanitization or validation steps for input data are described within the provided skill files.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 2, 2026, 02:04 AM