nano-image-generator

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): The skill creates an indirect prompt injection surface by instructing the agent to pass untrusted user input directly as a command-line argument to a script. Evidence Chain:
      1. Ingestion points: The <prompt> variable in the scripts/generate_image.py command.
      2. Boundary markers: Absent; user input is not enclosed in delimiters in the examples.
      3. Capability inventory: Execution of local Python scripts via shell.
      4. Sanitization: Absent; the documentation does not describe input validation or escaping.
  • [COMMAND_EXECUTION] (SAFE): The skill uses standard shell commands to execute a local utility script, which is consistent with its stated purpose of image generation.
  • [CREDENTIALS_UNSAFE] (SAFE): The documentation correctly identifies that API keys should be handled via environment variables or .env files rather than being hardcoded in scripts or the skill file.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:50 PM