modelscope-zimage-generator

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [SAFE]: No malicious patterns or security vulnerabilities were detected in the skill's code or documentation.
  • [SAFE]: The skill follows security best practices for local credential storage.
  • scripts/generate_image.py saves the API key to ~/.config/modelscope/config.json and sets the file mode to 0o600 (read/write for the owner only) with os.chmod, so other local users cannot read the key. One caveat for reviewers: if the file is written first and chmod'ed afterwards, the default umask governs the mode for a brief window; creating the file with mode 0o600 from the start (os.open with an explicit mode) removes that window.
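The pattern the audit describes, written out as an added example (this is editor-supplied code, not the skill's own generate_image.py): the credential file is created with mode 0o600 from the start, written under a temporary name and renamed into place, and a check function reports a file whose group/other bits are set or which is not owned by the current user. The config path is a parameter so the example can run against a scratch directory; the skill itself uses ~/.config/modelscope/config.json. The API key value used in the demo is constructed.

```python
import json
import os
import stat
import tempfile
from pathlib import Path

# Editor's example, not the skill's code. The path is parameterised so the
# demo can use a temporary directory instead of ~/.config/modelscope.


def save_api_key(config_path, api_key):
    """Write {"api_key": ...} to config_path, readable only by the owner.

    os.open honours the requested mode (minus the umask) at creation, so the
    file is never world-readable, not even briefly; fchmod then forces 0o600
    regardless of umask.  Writing to a sibling temp name and renaming means a
    crash mid-write cannot leave a half-written config behind.
    """
    config_path = Path(config_path)
    config_path.parent.mkdir(mode=0o700, parents=True, exist_ok=True)
    tmp_path = config_path.with_name(config_path.name + ".tmp")
    fd = os.open(tmp_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    try:
        os.fchmod(fd, 0o600)  # defeat a permissive umask
    except OSError:
        os.close(fd)
        raise
    with os.fdopen(fd, "w") as f:  # fdopen now owns and closes fd
        json.dump({"api_key": api_key}, f)
    os.replace(tmp_path, config_path)
    return config_path


def credential_file_problems(config_path):
    """Return a list of findings for an existing credential file ([] if fine)."""
    problems = []
    st = os.lstat(config_path)
    if stat.S_ISLNK(st.st_mode):
        return ["path is a symlink"]
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"group/other bits set: {mode:04o}")
    if st.st_uid != os.getuid():
        problems.append("not owned by the current user")
    return problems


def load_api_key(config_path):
    """Read the key, refusing to use a file that other users can read."""
    problems = credential_file_problems(config_path)
    if problems:
        raise PermissionError("; ".join(problems))
    with open(config_path) as f:
        return json.load(f)["api_key"]


def run_demo():
    """Exercise save/check/load in a scratch directory and report the results."""
    with tempfile.TemporaryDirectory() as d:
        path = Path(d) / "config.json"
        save_api_key(path, "sk-example-not-a-real-key")  # constructed value
        result = {
            "mode": stat.S_IMODE(os.stat(path).st_mode),
            "problems_after_save": credential_file_problems(path),
            "key": load_api_key(path),
        }
        os.chmod(path, 0o644)  # simulate a file left with the default umask
        result["problems_after_chmod"] = credential_file_problems(path)
        try:
            load_api_key(path)
            result["load_refused"] = False
        except PermissionError:
            result["load_refused"] = True
    return result


if __name__ == "__main__":
    print(run_demo())
```

The check function is the useful half for an auditor: pointing it at ~/.config/modelscope/config.json on a machine where the skill has run confirms whether the 0o600 claim holds in practice.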
  • [EXTERNAL_DOWNLOADS]: The skill downloads generated image files from a well-known and legitimate service.
  • It communicates with api-inference.modelscope.cn to submit tasks and poll for results, then downloads the resulting image from the URL returned in the task result. These operations are consistent with the skill's primary purpose. A reviewer would still confirm that the script restricts that download to the expected host and treats the response body as an image rather than fetching whatever URL the response contains.
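The checks a reviewer would want around that download step, as an added example (editor-supplied code, not the skill's generate_image.py): the result URL must be https and on an allowlisted host, the response body must carry a PNG or JPEG signature and stay under a size cap, and the output filename is derived from a validated task id rather than from anything in the URL. The allowlist, the task-id format and the 50 MiB cap are assumptions; the audit names only api-inference.modelscope.cn, so the real image host would have to be confirmed from the script. The image bytes in the demo are a constructed stub.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import urlsplit

# Editor's example, not the skill's code.
# ASSUMPTION: the host that serves result images. The audit only names the
# API host; check the script for the actual download host before using this.
ALLOWED_HOSTS = frozenset({"api-inference.modelscope.cn"})
# ASSUMPTION: task ids are short and alphanumeric; this rejects "/", "..",
# NUL and whitespace, so the id can safely become a filename component.
TASK_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,128}")
MAX_IMAGE_BYTES = 50 * 1024 * 1024  # assumed cap on a single result
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
JPEG_MAGIC = b"\xff\xd8\xff"


def validate_result_url(url, allowed_hosts=ALLOWED_HOSTS):
    """Return url unchanged if it may be fetched, else raise ValueError."""
    p = urlsplit(url)
    if p.scheme != "https":
        raise ValueError(f"scheme {p.scheme!r} is not https")
    if p.username is not None or p.password is not None:
        raise ValueError("userinfo is not allowed in a result URL")
    host = (p.hostname or "").lower()  # exact match: no suffix tricks
    if host not in allowed_hosts:
        raise ValueError(f"host {host!r} is not in the allowlist")
    if p.port not in (None, 443):
        raise ValueError(f"unexpected port {p.port}")
    return url


def is_safe_result_url(url):
    """Boolean wrapper around validate_result_url for quick checks."""
    try:
        validate_result_url(url)
        return True
    except ValueError:
        return False


def sniff_image_type(data):
    """Identify the body by its magic bytes, not by Content-Type."""
    if data.startswith(PNG_MAGIC):
        return "png"
    if data.startswith(JPEG_MAGIC):
        return "jpeg"
    return None


def save_image(data, out_dir, task_id):
    """Write a verified image under out_dir/<task_id>.<ext>; never overwrite."""
    if not TASK_ID_RE.fullmatch(task_id):
        raise ValueError("task id is not a safe filename component")
    if len(data) > MAX_IMAGE_BYTES:
        raise ValueError("response body exceeds the size cap")
    kind = sniff_image_type(data)
    if kind is None:
        raise ValueError("response body is not a PNG or JPEG")
    out_dir = Path(out_dir).resolve()
    dest = out_dir / f"{task_id}.{kind}"
    with open(dest, "xb") as f:  # 'x' refuses to clobber an existing file
        f.write(data)
    return dest


def run_demo():
    """Run the checks against constructed inputs and report what happened."""
    png = PNG_MAGIC + b"\x00" * 16  # constructed stub, not a real image
    with tempfile.TemporaryDirectory() as d:
        name = save_image(png, d, "task_123").name
        traversal_rejected = html_rejected = False
        try:
            save_image(png, d, "../../outside")
        except ValueError:
            traversal_rejected = True
        try:
            save_image(b"<html>error page</html>", d, "task_124")
        except ValueError:
            html_rejected = True
    return {"name": name, "traversal_rejected": traversal_rejected,
            "html_rejected": html_rejected}


if __name__ == "__main__":
    print(run_demo())
    print(is_safe_result_url("https://api-inference.modelscope.cn/out/1.png"))
```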
  • [COMMAND_EXECUTION]: The skill relies on a Python script (scripts/generate_image.py) to perform its tasks.
  • The script uses well-known third-party libraries (requests for HTTP, PIL for image handling) for network and image operations. It does not contain any patterns of unsafe dynamic code execution (eval, exec) or suspicious subprocess spawning.
  • [PROMPT_INJECTION]: The skill exposes a prompt-injection surface because it forwards user-provided natural language prompts to the model unchanged; if an agent fills that argument from untrusted content, that content reaches the model verbatim.
  • Ingestion points: the prompt command-line argument of scripts/generate_image.py.
  • Boundary markers: none; the prompt is placed directly into the API request payload as a data field (it is not interpolated into a shell command, so the exposure is to the model, not to command execution).
  • Capability inventory: the skill can make network requests to the ModelScope API and write files to the local file system.
  • Sanitization: no filtering is applied to the user prompt before it is sent to the API.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Mar 14, 2026, 08:03 AM