image-gen
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH (tags: PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill constructs shell commands using strings generated from user prompts (e.g., `alma image generate "..."`). This is highly vulnerable to shell injection if an attacker provides input containing command separators or subshells.
- [PROMPT_INJECTION] (HIGH): The instructions employ 'CRITICAL' and 'IMPORTANT' markers to override agent behavior. It specifically instructs the agent to generate '擦边' (suggestive/risqué) content and use forced keywords like 'real skin texture' and 'NOT illustration' to bypass standard model safety or stylistic defaults.
- [INDIRECT_PROMPT_INJECTION] (HIGH): The skill processes untrusted user input to drive the 'Bash' capability. 1. Ingestion points: User-provided image descriptions. 2. Boundary markers: None identified. 3. Capability inventory: 'Bash' command execution and file system interaction via 'alma'. 4. Sanitization: None present in the provided script logic.
- [DATA_EXPOSURE] (MEDIUM): The skill interacts with the '~/.config/alma/selfies/' directory. Accessing hidden configuration folders is a risk as they often contain sensitive application data, tokens, or credentials that could be exposed or modified.
Recommendations
- AI detected serious security threats
Audit Metadata