image-generation
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a bundled Node.js script (
cli.bundle.js) using a shell command to perform its primary function of image generation. - [PROMPT_INJECTION]: The instructions include behavioral overrides that command the agent to bypass standard user-confirmation loops, specifically stating it should "Invoke IMMEDIATELY" and "don't wait for the user to ask."
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection through its automated workflow:
- Ingestion points: The skill is instructed to parse untrusted content from the user's project files, specifically HTML placeholders and CSS stock image references.
- Boundary markers: There are no delimiters or boundary instructions provided to help the agent distinguish between legitimate code and malicious instructions embedded within the HTML or CSS it processes.
- Capability inventory: The skill has the capability to execute shell commands and utilize MCP tools based on the content it parses.
- Sanitization: The skill lacks instructions for sanitizing or validating external data before incorporating it into the prompt generation process.
Audit Metadata