ai-image-generation

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is configured to use the infsh command-line interface to run various AI image generation applications. This requires permission to execute shell commands within the agent's environment.
  • [EXTERNAL_DOWNLOADS]: The skill documentation suggests using npx to dynamically add other agent skills from the vendor's repository (e.g., inference-sh/skills@agent-tools). These resources are managed by the skill's author.
  • [PROMPT_INJECTION]: The skill accepts user-provided text prompts to generate images, which is an indirect prompt injection surface. Malicious input could potentially be used to attempt to bypass model filters, though this is a standard risk for generative AI tools.
      • Ingestion points: The prompt and image_url fields in the JSON input for the infsh app run command.
      • Boundary markers: No specific delimiters or safety instructions are defined in the command examples to separate user input from the command structure.
      • Capability inventory: The skill is authorized for Bash(infsh *) tool usage.
      • Sanitization: There is no evidence of local input validation or sanitization before passing data to the CLI tool.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 18, 2026, 06:57 PM