Skills
skills/inferen-sh/skills/qwen-image-2-pro/Gen Agent Trust Hub

qwen-image-2-pro

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the infsh CLI tool (a verified vendor resource) via the Bash tool to execute image generation tasks on the Inference.sh platform.
  • [EXTERNAL_DOWNLOADS]: The documentation references external images and guidelines hosted on inference.sh and cloud.inference.sh. It also suggests installing related skills using npx.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface.
  • Ingestion points: User-provided prompts and negative prompts are passed directly into the tool input in SKILL.md.
  • Boundary markers: Input is structured within a JSON object, providing basic separation from the command execution context.
  • Capability inventory: The skill can execute shell commands (Bash) and make network requests via the infsh utility.
  • Sanitization: No internal sanitization or validation logic is present in the skill's instructions; filtering is assumed to be handled by the backend model.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 12, 2026, 09:54 PM