image-gen
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious code patterns, obfuscation, or unauthorized behaviors were detected during the analysis.
- [COMMAND_EXECUTION]: The skill demonstrates standard file system operations, such as saving generated images to disk using
fs.writeFileSync. It also provides examples for using established image post-processing utilities likemagick,cwebp, andrembg, all of which are appropriate for the skill's functionality. - [EXTERNAL_DOWNLOADS]: Dependencies and external links target official Google Gemini SDKs and documentation from well-known and verified domains like
ai.google.dev. - [CREDENTIALS_UNSAFE]: The skill follows security best practices by instructing users to store sensitive API keys in environment variables (
GEMINI_API_KEY) rather than hardcoding them. - [SAFE]: Analysis of indirect prompt injection surfaces (Category 8): 1. Ingestion points: The skill accepts user-provided text prompts and images for generation and editing. 2. Boundary markers: Detailed prompt structures and templates serve as logical boundaries, though no programmatic delimiters are implemented in the snippets. 3. Capability inventory: The skill performs local file writes and interacts with the official Gemini API. 4. Sanitization: Explicit input sanitization is not shown in the examples. Conclusion: The risk is categorized as low, as the behavior is standard for generative AI tools and subject to the provider's safety filters.
Audit Metadata