Skywork Design
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill implements an authentication flow (
skywork_auth.py) that stores an access token in a local hidden file (~/.skywork_token). This token is used to authorize requests to the Skywork API gateway. All data transmission occurs over HTTPS to vendor-controlled domains (skywork.ai). - [COMMAND_EXECUTION]: The authentication script uses system calls to open the user's default web browser for the login process. This is a standard procedure for secure OAuth-like authentication in CLI environments.
- [EXTERNAL_DOWNLOADS]: The image generation script (
generate_image.py) retrieves generated image files from the vendor's storage service (OSS) and saves them to the user's local working directory as requested. - [PROMPT_INJECTION]: While the skill accepts user input to construct prompts for the image generation model, it does so within the context of visual design. Standard model guardrails and the specific nature of the API (returning images rather than text) minimize the risk of traditional prompt injection attacks.
Audit Metadata