Skills
skills/sammcj/agentic-coding/invokeai-image-gen/Gen Agent Trust Hub

invokeai-image-gen

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • PROMPT_INJECTION (LOW): Potential for Indirect Prompt Injection. The skill ingests untrusted user text (the image prompt) and interpolates it into a Bash command.
  • Ingestion points: The --prompt and -p parameters used in the generate.py script as described in SKILL.md.
  • Boundary markers: Documentation suggests enclosing prompts in double quotes, which provides some protection but does not prevent escape sequences if the underlying script handles arguments unsafely.
  • Capability inventory: The skill is granted Bash and Read tool permissions, allowing it to execute local files and read outputs.
  • Sanitization: The implementation of scripts/generate.py is not provided in this analysis scope, preventing verification of argument sanitization.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:33 PM