generate-z-image
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted user input as an image prompt. It addresses potential indirect injection risks by instructing the agent to apply specific sanitization and utilizing shell features that prevent interpretation.
- Ingestion points: User-provided image description extracted from the request as defined in
SKILL.md. - Boundary markers: Uses a single-quoted heredoc (
EVOLINK_END) inscripts/generate.shto prevent shell expansion of interpolated variables. - Capability inventory: The skill has capabilities for network access (API requests via
curl) and file-system writes (image downloads) withinscripts/generate.sh. - Sanitization:
SKILL.mdexplicitly requires JSON escaping (escaping double quotes and backslashes) before the prompt is inserted into the script template. - [COMMAND_EXECUTION]: The skill generates and executes a bash script based on a local template (
scripts/generate.sh). This is used to coordinate the asynchronous image generation process, including task submission, status polling, and final file download. The use of a single-quoted heredoc and instructions for JSON escaping mitigate risks associated with command interpolation. - [EXTERNAL_DOWNLOADS]: Per functional requirements, the skill interacts with
api.evolink.aito submit generation tasks and retrieve status. It also downloads the resulting image files from the same vendor-controlled domain. These operations are consistent with the skill's stated purpose and target the author's established infrastructure.
Audit Metadata