muapi-photo-pack-generator
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a bash script (
scripts/generate-pack.sh) to perform its operations. This script further executes local utilities (upload.shandgenerate-image.sh) located in a relative path (../../../../core/media/) that corresponds to the expected MuAPI environment. These calls are used to process reference images and trigger the generation pipeline. - [EXTERNAL_DOWNLOADS]: If the optional
--viewflag is provided, the script usescurlto download the generated image assets from remote URLs to a localmedia_outputsfolder. This is a legitimate functional requirement for retrieving the generated photo packs. - [SAFE]: The skill documentation (
SKILL.md) contains robust instructions for the AI agent to prioritize 'Identity Lock' prompting. It specifically forbids the agent from re-describing the person's features (age, ethnicity, etc.) to ensure the model relies solely on the reference image for identity preservation. No signs of prompt injection, data exfiltration, or obfuscation were found.
Audit Metadata