Skills
skills/feed-mob/agent-skills/gemini-image-generator/Gen Agent Trust Hub

gemini-image-generator

Fail

Audited by Gen Agent Trust Hub on Feb 13, 2026

Risk Level: HIGHPROMPT_INJECTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis

================================================================================

🔴 VERDICT: HIGH

This skill is rated HIGH due to the direct exposure of user-provided prompts to the underlying LLM, creating a significant prompt injection risk. Additionally, the skill fetches images from arbitrary user-supplied URLs, which introduces a medium-severity risk of Server-Side Request Forgery (SSRF) or unintended network connections. While the Python dependencies are from trusted sources, the skill's core functionality involves executing Python scripts and making external network requests based on user input.

Total Findings: 4

🔴 HIGH Findings: • Prompt Injection

  • SKILL.md, scripts/edit_image.py, scripts/generate_image.py, scripts/logo_overlay.py: User-provided prompts are directly passed to the genai.Client().models.generate_content function. This is a direct vector for prompt injection, allowing an attacker to attempt to manipulate the LLM's behavior or extract sensitive information.

🟡 MEDIUM Findings: • Data Exfiltration / SSRF

  • scripts/common.py: The load_image function uses requests.get to fetch images from user-supplied URLs. A malicious user could provide a URL pointing to an attacker-controlled server, potentially leading to SSRF (Server-Side Request Forgery) or unintended network connections from the agent's environment. While no sensitive local files are read and exfiltrated, the ability to trigger arbitrary external network requests is a concern.

🔵 LOW Findings: • Unverifiable Dependencies

  • scripts/requirements.txt: The skill lists google-genai, pillow, and requests as dependencies. These are widely used and trusted Python libraries. While external dependencies always carry some inherent risk, these specific packages are considered low risk due to their reputation and maintenance by trusted organizations.

ℹ️ TRUSTED SOURCE References: • google-genai (from scripts/requirements.txt) is a dependency from a trusted source (Google).

================================================================================

Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 13, 2026, 07:32 AM