imagen
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONNO_CODEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill documentation specifies the execution of a local Python script for image generation.
- [NO_CODE]: The core logic is contained in a separate script file missing from the analyzed package, limiting the audit to the markdown instructions.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it processes user-provided descriptions for image generation. Ingestion points: User-provided text prompts for image descriptions in SKILL.md. Boundary markers: No delimiters or protective instructions are identified. Capability inventory: Local script execution with the capacity to write files to the current directory. Sanitization: No input validation or filtering logic is documented.
Audit Metadata