product-photography
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the infsh CLI tool via Bash to execute AI models for image generation. This is a core function of the skill.
- [EXTERNAL_DOWNLOADS]: The skill documentation suggests installing dependencies from the inference-sh/skills repository using npx to enable the required CLI tools.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes user-provided descriptions for image generation. Ingestion points: User-controlled prompt strings passed to infsh in SKILL.md examples. Boundary markers: JSON structure is used for inputs. Capability inventory: External API calls via the infsh tool for image generation. Sanitization: Inputs are passed directly to the AI models without explicit filtering.
Audit Metadata