ai-artist
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses the official google-genai library to interface with Gemini image generation models, which is a legitimate and trusted dependency.
- [SAFE]: Sensitive information such as the GEMINI_API_KEY is managed through environment variables and localized .env files (e.g., ~/.claude/skills/.env), aligning with best practices for secret handling in agent environments.
- [SAFE]: The Python scripts (generate.py, core.py, search.py) perform standard operations like file writing for image outputs and CSV processing for prompt search. No suspicious network operations or persistence mechanisms were detected.
- [SAFE]: User-supplied inputs are interpolated into prompt templates via regex. While this presents an inherent surface for indirect prompt injection, it is the primary intended function of the skill and does not grant the user unauthorized capabilities beyond generating images.
- [SAFE]: The skill includes defensive instructions, such as mandatory negative constraints ('NEVER add watermarks') and a validation workflow, to ensure consistent and high-quality outputs.