Skills
skills/eachlabs/skills/object-removal/Gen Agent Trust Hub

object-removal

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface.
  • Ingestion points: The skill ingests untrusted data via image_urls in SKILL.md.
  • Boundary markers: Absent; prompt templates do not include delimiters or instructions to ignore content within the images.
  • Capability inventory: The skill performs network requests via curl to the eachlabs.run API.
  • Sanitization: No sanitization or validation of the image-embedded content is documented.
  • [COMMAND_EXECUTION]: Provides curl commands for image processing. These commands target the vendor's own infrastructure at sense.eachlabs.run and follow standard practices by using the $EACHLABS_API_KEY environment variable for credentials.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 1, 2026, 09:12 PM