NYC

image-generation-mcp

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill uses mcp__gemini-cli__ask-gemini to perform image generation. This is a legitimate use of the tool within the skill's intended scope.
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection (Category 8) due to the lack of input sanitization for user-defined prompt components.
    • Ingestion points: User-supplied values for subject, style, lighting, and mood are ingested in Step 2 and used in Step 4.
    • Boundary markers: Absent. The skill does not provide any delimiters or explicit instructions to the agent to treat the user input as data rather than instructions.
    • Capability inventory: The skill has tool execution capabilities (ask-gemini) and file access (Read, Write).
    • Sanitization: There is no evidence of input validation, escaping, or sanitization before the user data is passed to the Gemini CLI.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:26 PM