seo-images
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Interacts with well-known services including Replicate (api.replicate.com) and Google (generativelanguage.googleapis.com) to perform image generation tasks and download the resulting media files.
- [COMMAND_EXECUTION]: Uses a bash script (scripts/generate.sh) to orchestrate image generation, employing curl for network requests and jq for parsing JSON responses.
- [PROMPT_INJECTION]:
  - Ingestion points: The skill ingests untrusted data such as article context, headlines, and subtext through CLI arguments in the generation script.
  - Boundary markers: No explicit boundary markers or instructions are provided to the image model to ignore instructions embedded within the user-provided text.
  - Capability inventory: The skill possesses the ability to execute bash commands and write files to the local filesystem.
  - Sanitization: While technical sanitization is performed via jq to ensure valid JSON formatting for API calls, the skill does not perform semantic sanitization to prevent adversarial instructions in the input text from influencing the image generation model.
Audit Metadata