stability-ai
Warn
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The SKILL.md documentation mentions that "The script automatically handles dependencies on first run". This indicates runtime package installation, which creates a risk of supply-chain attacks or unverified code execution.
- [COMMAND_EXECUTION] (MEDIUM): The skill relies on a shell script scripts/generate that accepts user-provided prompts as command-line arguments. If these prompts are not properly sanitized within the script, it could lead to command injection.
- [PROMPT_INJECTION] (MEDIUM): This skill provides an Indirect Prompt Injection surface.
  1. Ingestion points: User-provided prompts via scripts/generate.
  2. Boundary markers: None identified in the documentation or usage examples.
  3. Capability inventory: Network access (requests) and local file system write access for images.
  4. Sanitization: No visible sanitization or validation of external content before processing.
- [DATA_EXFILTRATION] (LOW): The skill performs network operations to external endpoints not on the standard whitelist (Stability AI API). While expected for image generation, it represents a potential exfiltration vector if the agent is manipulated.
Audit Metadata