modelscope-image-gen

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The script scripts/image-gen.py downloads image data from URLs returned by the ModelScope API. While these are expected for the skill's function, they represent external data ingestion.
  • [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface (Category 8).
      • Ingestion points: Prompts are ingested via the --prompt CLI argument and the --batch file reader in scripts/image-gen.py.
      • Boundary markers: None. Prompts are directly embedded into the API request payload.
      • Capability inventory: The script performs network requests (requests.post, requests.get) and writes files to the local system (open().write()).
      • Sanitization: No validation or sanitization is applied to input prompts.
  • [SAFE] (SAFE): The skill follows standard practices for API-based tools, including using a local configuration file for secrets rather than hardcoding credentials.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 19, 2026, 04:07 PM