Skills
skills/nogataka/slidekit/imgen/Gen Agent Trust Hub

imgen

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs its operations by executing local shell commands, including npm run dev, npx tsx, and the imgen CLI tool itself.
  • [EXTERNAL_DOWNLOADS]: The skill references the @nogataka/imgen package on the npm registry and utilizes npx for script execution, which may involve downloading packages at runtime.
  • [PROMPT_INJECTION]: The skill features an indirect prompt injection surface as it incorporates user-supplied text and image files into API calls for image generation and editing.
  • Ingestion points: User-provided prompts, instructions, and file paths used as arguments for the imgen command in SKILL.md.
  • Boundary markers: There are no boundary markers or instructions to the agent to ignore potentially malicious content within the user-provided strings.
  • Capability inventory: The skill can execute shell commands and read local files as defined in its operational instructions in SKILL.md.
  • Sanitization: No sanitization or input validation mechanisms are described for the natural language inputs or file paths.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 20, 2026, 09:52 AM