Skills
skills/openclaw/skills/eachlabs-fashion-ai/Gen Agent Trust Hub

eachlabs-fashion-ai

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Provides template curl commands in SKILL.md for the agent to interact with the EachLabs API for image and video generation tasks.
  • [DATA_EXFILTRATION]: Transmits user-provided prompts and media URLs to the external domain api.eachlabs.ai. While this is intended behavior for the service, it constitutes network activity to a non-whitelisted destination.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests untrusted user data that is then processed by the agent and an external API.
  • Ingestion points: prompt, image_urls, image_url, and video_url parameters in SKILL.md workflow examples.
  • Boundary markers: Absent; no delimiters are used to separate user input from operational instructions.
  • Capability inventory: Network request capabilities via curl to api.eachlabs.ai documented in SKILL.md.
  • Sanitization: No input validation or sanitization procedures are specified.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 13, 2026, 02:00 AM