design-skills
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a standalone script
scripts/generate_images.pydesigned to handle image generation tasks. It is intended to be executed with JSON configuration passed via standard input. - [EXTERNAL_DOWNLOADS]: The skill downloads image data from remote or local endpoints. It interacts with ComfyUI servers (defaulting to localhost) and the OpenAI Images API (via a gateway) to fetch generated content.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes natural language user input (
brief) and interpolates it into templates used for image generation prompts. This is a common surface for LLM-based design tools. - [DATA_EXFILTRATION]: The skill transmits user-provided design descriptions and style preferences to external image generation APIs (OpenAI) and local servers (ComfyUI). This is necessary for its core functionality and is explicitly documented in the skill's purpose.
Audit Metadata