ai-image-generation

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash(infsh *) tool to execute commands through the infsh CLI. This is the intended primary function of the skill, allowing the agent to run, list, and manage AI image generation applications on the inference.sh platform.
  • [EXTERNAL_DOWNLOADS]: The documentation references the installation of the infsh CLI and additional agent skills from the vendor's repository (inference-sh/skills). These are verified vendor resources from the author of the skill.
  • [CREDENTIALS_UNSAFE]: The skill references the infsh login command for user authentication. No hardcoded API keys, tokens, or other credentials were detected in the skill file.
  • [INDIRECT_PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it processes user-provided strings for image prompts.
      • Ingestion points: User prompts are interpolated into the --input JSON argument of infsh app run commands.
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the command templates.
      • Capability inventory: The skill possesses the Bash(infsh *) capability, which is limited to the specific CLI tool.
      • Sanitization: No explicit sanitization or validation of the prompt string is performed within the skill documentation itself.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 7, 2026, 12:02 PM