image-key
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `curl` command to interact with the Lab Nocturne API to request a new key.
- [EXTERNAL_DOWNLOADS]: The skill performs a network request to `https://images.labnocturne.com` (or a user-provided base URL) to retrieve JSON data containing the API key and service limits.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and displaying data from an external source.
  1. Ingestion points: The JSON response fields `message` and `type` from the `/key` endpoint are displayed to the user.
  2. Boundary markers: No delimiters or ignore-instructions warnings are used when presenting the API response.
  3. Capability inventory: Command execution via `curl` and prompt interpolation of external data.
  4. Sanitization: The skill does not perform validation or escaping of the strings returned by the remote server before outputting them to the agent's context.
Audit Metadata