app-store-screenshot-generation
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill handles authentication securely by instructing users to use an environment variable ($EACHLABS_API_KEY) rather than hardcoding sensitive credentials.
- [SAFE]: All network operations are directed to the official domains of the service provider (eachlabs.run and eachlabs.ai), which are consistent with the skill's purpose and the documented vendor.
- [PROMPT_INJECTION]: The skill demonstrates a surface for indirect prompt injection as it interpolates user-provided text into API request bodies. (1) Ingestion points: The 'message' field within the curl example payloads. (2) Boundary markers: Content is encapsulated within a JSON object structure. (3) Capability inventory: Outbound HTTP POST requests to an external generative AI API. (4) Sanitization: The skill relies on the safety filters and validation provided by the external EachLabs API.
Audit Metadata