ai-artist

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides Python scripts (generate.py, search.py, extract_prompts.py) to manage prompt databases and execute image generation commands. These scripts are intended for local execution and handle file I/O for images and CSV data.
  • [EXTERNAL_DOWNLOADS]: The generate.py script communicates with Google's GenAI API using the official google-genai library. This is a well-known service and the primary purpose of the skill.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it interpolates user-provided concepts into prompt templates without sanitization or boundary markers.
      • Ingestion points: The concept argument in scripts/generate.py.
      • Boundary markers: Absent; user input is directly substituted or replaces regex patterns in templates.
      • Capability inventory: The final prompt is processed by the generate_image function which calls the Google GenAI API.
      • Sanitization: Absent. Since this is the primary functionality for an image generator, the risk is considered low and addressed by the model's own safety filters.
Audit Metadata
Risk Level: SAFE
Analyzed: May 1, 2026, 03:03 PM