NSFW Image Generation
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE PROMPT_INJECTION DATA_EXFILTRATION
Full Analysis
- [DATA_EXFILTRATION]: The skill documents and facilitates network requests to `https://sense.eachlabs.run/chat`. This domain belongs to the skill's vendor (Each Labs) and is required for the image generation service. As the traffic is directed to the vendor's own infrastructure, this is considered a functional requirement.
- [PROMPT_INJECTION]: The documentation includes instructions to set `enable_safety_checker` to `false`. While this terminology overlaps with common safety bypass patterns, it is a documented technical parameter of the Each Labs API specifically intended to allow the generation of adult and nude art as part of the skill's primary purpose.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted user input and external data.
  - Ingestion points: User-provided text prompts in the `messages` object and external image references in the `image_urls` array (as seen in `SKILL.md` and the client examples in `references/SSE-EVENTS.md`).
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands (e.g., in image metadata or prompt text) are provided in the payload construction templates.
  - Capability inventory: The skill transmits data via network requests (using `curl`, `fetch`, or `requests`) to the vendor's API endpoint.
  - Sanitization: The documentation notes server-side enforcement of content policies and provides error handling for policy violations (`content_policy_violation`).