Skills
skills/jjenkins/labnocturne-image-client/generate-key/Gen Agent Trust Hub

generate-key

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the curl command to interact with the Lab Nocturne Images API.
  • [EXTERNAL_DOWNLOADS]: The skill makes a network request to images.labnocturne.com to retrieve API key information at runtime.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it incorporates data from an external source into its output without sanitization.
  • Ingestion points: Data is read from the JSON response fields (api_key, type, message, and limits) of the /key endpoint.
  • Boundary markers: There are no instructions provided to the agent to treat the remote response as untrusted or to ignore instructions within the JSON content.
  • Capability inventory: The skill utilizes the curl utility to fetch remote content and present it to the user.
  • Sanitization: No validation or escaping is applied to the fields retrieved from the JSON response before presenting them to the user.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 07:11 PM