Skills
skills/meitu/meitu-skills/meitu-carousel/Gen Agent Trust Hub

meitu-carousel

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The agent executes the meitu CLI tool to generate carousel images, verify API credentials, and manage tool configuration.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the meitu-cli package from the official NPM registry to perform its tasks.
  • [DATA_EXFILTRATION]: The skill reads API keys from environment variables and ~/.meitu/credentials.json. This data is handled by the vendor's CLI for authentication with their cloud services, which is expected behavior.
  • [PROMPT_INJECTION]: The skill constructs prompts using data from DESIGN.md and user inputs, presenting a surface for indirect prompt injection. Ingestion points: DESIGN.md, openclaw.yaml, and user-provided text. Boundary markers: Absent. Capability inventory: Command execution via meitu-cli and file system access in the ~/.openclaw and ~/.meitu directories. Sanitization: No explicit sanitization or escaping of external input is performed before interpolation into AI prompts.
Audit Metadata
Risk Level
SAFE
Analyzed
May 5, 2026, 06:53 AM