rw-generate-image
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill utilizes 'uv run' to execute local Python scripts, which is a secure and standard practice for dependency management and environment isolation within AI agent skills.
- [SAFE]: Authentication is handled through well-established patterns, specifically using environment variables (RUNWAYML_API_SECRET) or command-line flags, which is appropriate for CLI-based integrations.
- [SAFE]: The skill's tool permissions are correctly restricted in the 'allowed-tools' metadata to only permit necessary 'Bash' commands ('uv run *' and 'command -v uv'), minimizing the risk of arbitrary command execution.
- [SAFE]: The instruction to the agent to not read the generated image file back into context provides an additional layer of security against potential vision-based indirect prompt injection from generated content.
Audit Metadata