aimlapi-media-gen

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE PROMPT_INJECTION EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill scripts ingest untrusted prompts and URLs which could lead to indirect prompt injection if the upstream API is compromised or misled.
      • Ingestion points: Found in scripts/gen_image.py and scripts/gen_video.py via the --prompt and --image-url arguments.
      • Boundary markers: No explicit delimiters or instruction filtering are applied to the input strings.
      • Capability inventory: Includes network operations (urllib.request), local file reads (pathlib.Path.read_bytes), and local file writes (pathlib.Path.write_bytes).
      • Sanitization: The scripts use a whitelist to filter additional JSON parameters provided via the --extra-json flag.
  • [EXTERNAL_DOWNLOADS]: The skill downloads generated media files from api.aimlapi.com or from URLs provided by the API's successful response.
  • [SAFE]: No critical security vulnerabilities, such as hardcoded credentials, obfuscation, or unauthorized privilege escalation, were detected. The file access logic for API keys and image encoding is restricted to user-provided paths.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 3, 2026, 01:34 AM