Skills
skills/sebastiaanwouters/dotagents/picasso/Gen Agent Trust Hub

picasso

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • Data Exposure & Exfiltration (LOW): The script scripts/fal-generate.ts accesses .env files to retrieve an API key and transmits it to fal.run and api.fal.ai. While this is standard for the tool's primary purpose, these domains are not included in the predefined whitelist of trusted sources.
  • Indirect Prompt Injection (LOW): The skill processes untrusted data which could potentially contain malicious instructions intended for the underlying image generation model.
  • Ingestion points: User-provided prompts and external image URLs (via the --edit flag) are processed by the scripts/fal-generate.ts script.
  • Boundary markers: Absent; the script does not use delimiters or provide explicit 'ignore' instructions to the downstream model to separate user input from system intent.
  • Capability inventory: The skill is capable of performing outbound network requests and writing files to the local disk (via the --out parameter).
  • Sanitization: No sanitization, validation, or escaping is performed on the prompt text or image URLs before they are sent to the external API.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:16 PM