real-mecha
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions to override system prompts or bypass safety filters were detected. The instructions focus entirely on the stated image transformation task.
- Data Exposure & Exfiltration (SAFE): There are no commands to access sensitive files (~/.ssh, etc.) or perform unauthorized network requests. The skill only interacts with an image generation tool as expected.
- Obfuscation (SAFE): No Base64, zero-width characters, or hidden encoding patterns were found in the skill text or metadata.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill does not install external packages or download scripts from the internet. It relies on internal logic and a standard image tool.
- Indirect Prompt Injection (SAFE): While the skill processes user-uploaded images, it does not attempt to parse and execute text commands from within those images. It treats the image as a structural reference for generation.
Audit Metadata