modelscope-zimage-generator
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Flags: PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill manages ModelScope API credentials using standard practice. `scripts/generate_image.py` stores the API key in a user-specific configuration file (`~/.config/modelscope/config.json`) and applies restrictive file permissions (0o600), so the key is readable only by the owning user.
- [SAFE]: All network requests and downloads target official ModelScope domains (`modelscope.cn` and `api-inference.modelscope.cn`). They are used only for task submission, status polling, and retrieval of the resulting image assets, which matches the skill's stated functionality.
- [SAFE]: The instructions in `SKILL.md` contain a hardcoded directory path for a specific local user environment (`/Users/ningoo/`). This may cause execution failures on other systems, but it is not a security vulnerability.
- [PROMPT_INJECTION]: The skill processes arbitrary user-provided text prompts for image generation, which is an attack surface for indirect prompt injection.
  - Ingestion points: the user-provided `prompt` input processed by `scripts/generate_image.py`.
  - Boundary markers: none. The prompt is interpolated directly into the JSON payload sent to the external API, with no delimiters separating it from the rest of the request.
  - Capability inventory: all scripts (specifically `scripts/generate_image.py`) make network requests via the `requests` library and write local files via the `Pillow` library (`image.save`).
  - Sanitization: there is no input filtering and no instruction-ignoring syntax applied to the prompt. However, because the prompt is used only as descriptive input to a remote image-generation model and is never interpreted as local commands or code, the residual risk is negligible.
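The first finding above describes the credential-storage pattern. The following is an added example (not code from the audited skill or from ModelScope) of how such a helper can both write the config file with mode 0o600 from the moment it is created and refuse to load a key whose file has since become group- or world-readable. The path comes from the finding; the `api_key` JSON field name, the function names and the sample key value are assumptions.

```python
"""Added example: store an API key in a user-private config file and verify its mode.

Hypothetical helper code, not from the audited skill. The "api_key" field name,
function names and sample key are assumptions; only the path is from the audit.
"""
import json
import os
import stat
import tempfile
from pathlib import Path

CONFIG_PATH = Path("~/.config/modelscope/config.json").expanduser()  # path named in the finding


def save_api_key(api_key: str, path: Path = CONFIG_PATH) -> None:
    """Write {"api_key": ...} to `path` so it is never readable by anyone but the owner.

    The file is created with mode 0600 from the first byte (os.open's mode argument,
    which the umask can only tighten), fchmod'ed in case it already existed with a
    looser mode, then atomically renamed over any previous copy.
    """
    path.parent.mkdir(parents=True, exist_ok=True)
    tmp = path.with_name(path.name + ".tmp")
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:      # takes ownership of fd and closes it
        os.fchmod(fd, 0o600)
        json.dump({"api_key": api_key}, fh)
    os.replace(tmp, path)


def check_private(path: Path) -> list[str]:
    """Return reasons the file is not private to the current user; empty list means it is."""
    st = os.stat(path)
    problems = []
    if not stat.S_ISREG(st.st_mode):
        problems.append("not a regular file")
    if st.st_uid != os.getuid():
        problems.append("not owned by the current user")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"group/other permission bits set ({stat.filemode(st.st_mode)})")
    return problems


def load_api_key(path: Path = CONFIG_PATH) -> str:
    """Read the key, but only if the file is still private; otherwise refuse loudly."""
    problems = check_private(path)
    if problems:
        raise PermissionError(f"{path}: " + "; ".join(problems))
    with open(path) as fh:
        return json.load(fh)["api_key"]


def demo() -> dict:
    """Exercise the helpers in a throwaway directory and return what was observed."""
    with tempfile.TemporaryDirectory() as d:
        p = Path(d) / "config.json"
        save_api_key("ms-example-key", p)   # constructed sample value, not a real credential
        results = {
            "mode_after_save": stat.S_IMODE(os.stat(p).st_mode),
            "problems_after_save": check_private(p),
            "loaded": load_api_key(p),
        }
        os.chmod(p, 0o644)                   # simulate a mode that leaks the key to other users
        results["problems_after_chmod"] = check_private(p)
        try:
            load_api_key(p)
            results["load_refused"] = False
        except PermissionError:
            results["load_refused"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The check at load time is the part most scripts omit: writing with 0o600 protects the key only until something (a backup tool, a careless `chmod -R`, a copy to another machine) loosens the mode, and a loader that verifies ownership and mode turns that silent exposure into an error the user sees.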
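The "Boundary markers" and "Sanitization" items say the prompt is interpolated directly into the JSON payload. The audit does not say how that payload is built, and the detail matters for a different reason than prompt injection: a prompt spliced into a JSON text template lets a crafted prompt add or alter request fields, whereas serializing a dict with `json.dumps` (which is what the `requests` `json=` parameter does) keeps any prompt text as a single string value. The following added example (not code from the skill) contrasts the two constructions offline; `MODEL_ID` and the field names are placeholders.

```python
"""Added example: why 'interpolated directly into the JSON payload' matters.

Not from the audited skill. MODEL_ID and the field names are placeholders.
"""
import json

MODEL_ID = "example/model-id"  # placeholder, not the skill's real model name


def build_payload_interpolated(prompt: str) -> str:
    """Fragile construction: the prompt is spliced into a JSON text template."""
    return '{"model": "%s", "prompt": "%s"}' % (MODEL_ID, prompt)


def build_payload_serialized(prompt: str) -> str:
    """Robust construction: serialize a dict, so the prompt is always one string value.
    requests' json= parameter performs this same serialization internally."""
    return json.dumps({"model": MODEL_ID, "prompt": prompt})


def payload_intact(payload: str, prompt: str) -> bool:
    """True if the payload parses and carries exactly the two intended fields, prompt unchanged."""
    try:
        data = json.loads(payload)
    except json.JSONDecodeError:
        return False
    return set(data) == {"model", "prompt"} and data["prompt"] == prompt


# Constructed sample prompts: one ordinary, two that probe the JSON string boundary.
SAMPLE_PROMPTS = [
    "a watercolour lighthouse at dusk",
    'a cat", "size": "9999x9999',    # closes the string and smuggles in an extra field
    "first line\nsecond line",        # a raw newline is illegal inside a JSON string
]


def compare_constructions(prompts=SAMPLE_PROMPTS) -> dict:
    """Map each prompt to whether each construction preserves the request structure."""
    return {
        p: {
            "interpolated_intact": payload_intact(build_payload_interpolated(p), p),
            "serialized_intact": payload_intact(build_payload_serialized(p), p),
        }
        for p in prompts
    }


if __name__ == "__main__":
    for prompt, result in compare_constructions().items():
        print(repr(prompt), result)
```

With the second sample prompt the interpolated payload still parses, but it now carries a `size` field the caller never set and a truncated prompt; the third sample breaks the request entirely. The serialized form survives both. This is a request-integrity issue on the client side, separate from (and cheaper to fix than) the model-level prompt-injection surface the audit flags.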
Audit Metadata