modelscope-api
Warn
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: MEDIUM
Findings: DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION] (MEDIUM): The script 'scripts/image-gen.py' reads sensitive credentials from '~/.modelscope-image-gen/modelscope-image-gen.local.md'. Accessing hidden configuration files in the home directory that contain 'api_key' is a high-risk action for data exposure. The severity is set to MEDIUM as this access is tied to the primary authentication purpose of the skill.
- [EXTERNAL_DOWNLOADS] (LOW): The skill performs network requests to 'api-inference.modelscope.cn' and downloads binary image data from dynamic URLs. These are non-whitelisted domains, although they align with the skill's stated functionality.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection through the ingestion of untrusted prompt data and external API responses.
  1. Ingestion points: User prompts provided via CLI and batch prompt files.
  2. Boundary markers: Absent; instructions are not delimited within the API payloads.
  3. Capability inventory: The skill possesses file-write capabilities ('save_image') and network-read/write capabilities ('requests').
  4. Sanitization: No sanitization or validation of input prompts or external URLs is performed.
Audit Metadata