ai-image-generation
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the 'infsh' CLI to perform image generation tasks. The agent's shell access is limited to this specific command through the 'allowed-tools' metadata configuration.
- [EXTERNAL_DOWNLOADS]: The skill provides links to installation scripts and related skills hosted on the official GitHub repository for 'inference-sh', which is the vendor's legitimate infrastructure.
- [REMOTE_CODE_EXECUTION]: Example commands include 'npx skills add', which downloads and executes skill definitions from the vendor's repository. This is standard functionality for the platform.
- [PROMPT_INJECTION]: The skill is designed to process user-provided text prompts for image generation. This represents an indirect prompt injection surface (Ingestion points: SKILL.md examples; Boundary markers: absent; Capability inventory: 'infsh' CLI; Sanitization: absent), but the risk is minimal given the specialized and constrained nature of the output (images).
Audit Metadata