image-generation-mcp
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, such as obfuscation, data exfiltration, or privilege escalation, were detected within the skill's instructions or code blocks.
- [EXTERNAL_DOWNLOADS]: The skill utilizes the gemini-cli toolset. This is identified as a well-known service associated with Google Gemini, making it a trusted external dependency under the safety guidelines.
- [COMMAND_EXECUTION]: Includes instructions for environment checks using 'claude mcp list'. These are routine administrative commands used to verify the local MCP configuration and do not pose a security risk.
- [PROMPT_INJECTION]: The skill functions by interpolating user-provided inputs (Subject, Style, etc.) into a prompt for an AI model. while this technically constitutes an indirect prompt injection surface, it is a core feature of the skill's creative purpose and does not target system-level instructions.
- Ingestion points: Step 2 captures user input for subject, style, and branding.
- Boundary markers: Uses structured markdown headers to separate components of the prompt.
- Capability inventory: Employs mcp__gemini-cli__ask-gemini for generation and Write for local file output.
- Sanitization: Standard validation for image parameters (ratio, color codes) is encouraged in the instructions.
Audit Metadata