pollinations
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill contains documentation and examples for executing shell commands using
curland referencing local scripts (scripts/chat.sh,scripts/image.sh,scripts/tts.sh) to interact with the Pollinations.ai API endpoints. - [DATA_EXFILTRATION]: The skill is designed to transmit user-provided prompts and an API key to the external domain
gen.pollinations.ai. This behavior is the primary intended function of the skill for generating content via the third-party service. - [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection (Category 8) by processing untrusted user input as prompts for AI generation.
- Ingestion points: User-provided text prompts are ingested through various API parameters (e.g.,
{prompt}) for text, image, and video generation. - Boundary markers: None detected. The provided examples do not use delimiters or explicit instructions to the AI to ignore instructions embedded within user data.
- Capability inventory: Uses
curland local shell scripts to perform network operations and communicate with the Pollinations API. - Sanitization: None detected. User inputs are interpolated directly into the API request structure without apparent validation or escaping.
Audit Metadata