image-gen
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill executes 'bun' and 'open' with parameters provided by the user. If the agent does not properly escape these parameters, it could lead to command injection.
- [PROMPT_INJECTION] (LOW): The skill accepts user-provided prompts and file paths as input for generation. This introduces a surface for untrusted data to influence tool behavior, though the use of 'AskUserQuestion' is a mitigating interactive step.
- [DATA_EXFILTRATION] (INFO): The skill accesses the 'MAX_API_KEY' environment variable. This is functional for API access but involves checking for sensitive credentials.
Audit Metadata