modelslab-3d-generation

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [DATA_EXFILTRATION] (LOW): The skill performs network requests to 'modelslab.com' via the 'requests' library. Although required for the skill's purpose, this domain is not included in the trusted source whitelist. Evidence: 'SKILL.md' (API endpoints and function calls).
  • [PROMPT_INJECTION] (MEDIUM): Surface for indirect prompt injection (Category 8) identified.
      • Ingestion points: Untrusted data enters via 'prompt' (text) and 'image_url' parameters in 'SKILL.md'.
      • Boundary markers: Absent; there are no instructions or delimiters to isolate untrusted content from the agent's logic.
      • Capability inventory: Uses 'requests.post' for network communication to transmit data to external servers.
      • Sanitization: Absent; the skill does not validate or sanitize input URLs or strings before use.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 06:37 AM