integrate-image
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a developer guide for integrating RunwayML services. All code examples and recommended practices align with legitimate API usage.
- [EXTERNAL_DOWNLOADS]: The skill references official vendor packages including
@runwayml/sdkfor Node.js andrunwaymlfor Python. These are legitimate resources owned by the authoring organization. - [DATA_EXPOSURE_&_EXFILTRATION]: No hardcoded credentials or sensitive data access patterns were found. The mention of file system access (e.g.,
fs.createReadStream) is correctly scoped to the documented feature of uploading local reference images for generation. - [INDIRECT_PROMPT_INJECTION]: The integration patterns show user-provided text being passed to an AI model. While this creates a standard surface for indirect prompt injection (where a user might attempt to bypass the generation model's internal filters), this is inherent to the primary purpose of the skill and does not represent a malicious design in the skill itself.
Audit Metadata