sutui-ai

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (DATA_EXFILTRATION, PROMPT_INJECTION)

Full Analysis
  • Indirect Prompt Injection (MEDIUM): The skill processes untrusted external data (prompts and image URLs) to generate media outputs, creating an attack surface where malicious inputs could influence agent behavior or downstream processes.
      • Ingestion points: The prompt, image_url, and end_image_url arguments in tools such as submit_task, sync_generate_image, and upload_image (SKILL.md).
      • Boundary markers: None identified in the provided instructions; untrusted data is passed directly into tool arguments.
      • Capability inventory: The skill facilitates network communication with external AI platforms (e.g., fal.ai, Jimeng) to generate and return media files.
      • Sanitization: No sanitization or validation logic for the provided URLs or prompt text is present in the skill definition.
  • Data Exposure & Exfiltration (LOW): The upload_image tool accepts an image_url parameter. If the underlying MCP server lacks strict validation, this could be used for Server-Side Request Forgery (SSRF) to probe internal network resources.

Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 16, 2026, 05:00 AM