generate-image

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill instructs the agent to invoke curl with a user-provided prompt interpolated directly into the shell command string. Since no sanitization or escaping is described, a malicious prompt containing shell metacharacters (e.g., backticks, $(...), or semicolons) would result in arbitrary code execution on the underlying host.
    • Evidence: The line source .env && curl ... --data '{"prompt": "<prompt>"}' in SKILL.md demonstrates direct interpolation of the prompt into a shell context.
  • [REMOTE_CODE_EXECUTION] (HIGH): The instructions suggest that the agent should 'run some ad hoc python' to handle image uploads. This promotes the dynamic generation and execution of code at runtime, a high-risk pattern because it bypasses static security controls and can be exploited by an attacker who supplies malicious instructions.
    • Evidence: The text 'it's probably best to run some ad hoc python' in SKILL.md explicitly directs the agent toward dynamic code execution.
  • [CREDENTIALS_UNSAFE] (MEDIUM): The skill depends on a .env file containing an API key (FAL_KEY) and instructs the agent to source this file. While this is a common pattern, combined with the command injection vulnerability above it significantly increases the risk that the secret key will be exfiltrated to an attacker.
    • Evidence: SKILL.md instructs the agent to source .env and use $FAL_KEY in shell commands.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 15, 2026, 11:00 PM