azure-image-gen
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill operates via a Python script (
scripts/generate.py) that performs various system-level operations including creating directories, reading local configuration files (.env), and writing generated content (images, JSON manifests, and HTML files) to the local filesystem. - [DATA_EXFILTRATION]: The script is designed to transmit the
AZURE_OPENAI_API_KEYto the specifiedAZURE_OPENAI_ENDPOINT. While this is necessary for functionality, it presents a risk if the endpoint environment variable is manipulated to point to a malicious server, leading to credential harvesting. - [PROMPT_INJECTION]: The skill possesses a vulnerability surface for indirect injection and content poisoning in its HTML gallery generation logic.
- Ingestion points: The script receives untrusted data in the form of the user-provided
--promptand therevised_promptfield returned from the Azure OpenAI API inscripts/generate.py. - Boundary markers: None present; the script does not use delimiters or warnings to isolate the prompt content from the HTML structure.
- Capability inventory: The script has permissions to write files (
open(),Path.mkdir()) and perform network operations (urllib.request.urlopen()). - Sanitization: Absent. The
create_gallery_htmlfunction inscripts/generate.pyperforms direct string interpolation of prompts into the HTML body without escaping special characters (e.g.,< > " ' &), which could allow for the execution of malicious scripts when the gallery is viewed in a browser.
Audit Metadata