zimage-generation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE] (HIGH): The skill's documentation and code comments (Method A) explicitly instruct users to hardcode sensitive API keys directly into the Python script. This practice significantly increases the risk of credential theft or accidental disclosure if the script is shared or version-controlled.
  • [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8). It ingests untrusted data and possesses high-risk capabilities.
    1. Ingestion points: the 'prompt' argument in 'scripts/generate_zimage.py'.
    2. Boundary markers: none. The prompt is directly interpolated into the JSON payload.
    3. Capability inventory: 'requests.post' (outbound network), 'requests.get' (outbound network), and 'open(output_path, "wb").write()' (local file modification).
    4. Sanitization: no input validation or escaping is performed on the prompt before use.
  • [EXTERNAL_DOWNLOADS] (LOW): The script dynamically downloads content from URLs provided by the external ModelScope API and saves them to the local filesystem.
  • [DATA_EXFILTRATION] (LOW): The skill transmits the user's API token and prompt to 'api-inference.modelscope.cn'. While expected for functionality, it involves sending data to a non-whitelisted external endpoint.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 01:29 AM