baoyu-image-gen
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the system's local
curlbinary viaexecFileSyncin the Google provider module. This is used as a documented workaround for a known issue in the Bun runtime to ensure reliable network communication through HTTP proxies. - [EXTERNAL_DOWNLOADS]: The skill makes network requests to various established AI provider APIs (such as Google, OpenAI, and Alibaba Cloud) to transmit image prompts and download generated binary image data.
- [DATA_EXFILTRATION]: The skill reads local images specified by the user as references and transmits them to the selected AI provider's API. This is an intended core functionality for image-to-image or reference-based generation workflows and targets well-known service endpoints over HTTPS.
Audit Metadata