nano-image-generator

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
CREDENTIALS_UNSAFE · DATA_EXFILTRATION · PROMPT_INJECTION
Full Analysis
  • CREDENTIALS_UNSAFE (HIGH): The skill documentation (README.md, README_CN.md) and the implementation (scripts/generate_image.py) explicitly instruct users to hardcode their private Gemini API key into the source code. This practice significantly increases the risk of credential leakage if the code is shared or committed to version control.
  • DATA_EXFILTRATION (MEDIUM): The script scripts/generate_image.py reads any local file path provided via the --ref argument and sends the content to an external API (generativelanguage.googleapis.com). While intended for reference images, this capability could be exploited to exfiltrate sensitive system or configuration files if an attacker can influence the skill's arguments.
  • PROMPT_INJECTION (LOW): The skill lacks sanitization and boundary markers for user-provided prompts and reference images, making it a surface for indirect prompt injection (Category 8). Evidence:
      • Ingestion points: 'prompt' and '--ref' arguments in scripts/generate_image.py.
      • Boundary markers: Absent; the prompt is interpolated directly into the JSON payload.
      • Capability inventory: Network POST via urllib.request and local file write via Path.write_bytes.
      • Sanitization: Absent; the script does not validate or sanitize the prompt or the output path.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 06:05 PM