Art
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local subprocesses to execute image processing tasks. Specifically, it calls 'magick' (ImageMagick) for image composition, resizing, and border application, and 'cwebp' for converting images to the WebP format. These operations are performed via 'spawn' and 'exec' within the TypeScript tools, with input parameters like hex colors being validated.
- [EXTERNAL_DOWNLOADS]: The skill interacts with several well-known technology providers to generate visual content. It makes network requests to the APIs of Replicate (Flux, Nano Banana), OpenAI (DALL-E), and Google Gemini. Additionally, it integrates with Discord via the 'discord.js' library to facilitate image generation through Midjourney. These connections are used for the primary purpose of the skill and utilize established services.
- [INDIRECT_PROMPT_INJECTION]: The workflows, such as 'AdHocYouTubeThumbnail' and 'Visualize', are designed to ingest user-provided content and external URLs to perform analysis. This analysis is used to dynamically construct prompts for image generation. While this represents an attack surface for indirect prompt injection, the skill incorporates structured prompting and specific validation steps to ensure output quality.
Audit Metadata