Skills
skills/tul-sh/skills/ai-image-generation/Gen Agent Trust Hub

ai-image-generation

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the infsh CLI tool via Bash commands to interact with image generation models. The allowed tools are constrained to the infsh binary.
  • [PROMPT_INJECTION]: The skill provides templates that interpolate user-provided text into shell commands as part of a JSON payload for remote AI models. This constitutes an indirect prompt injection surface.
  • Ingestion points: User-supplied text is used in the prompt field of the JSON input for the infsh app run command in multiple examples (e.g., SKILL.md).
  • Boundary markers: Commands use single quotes to wrap the JSON input, providing basic shell-level separation.
  • Capability inventory: The skill has the capability to execute commands using the infsh tool, which interacts with external image generation APIs.
  • Sanitization: There is no evidence of explicit input sanitization or validation within the skill's instructions.
  • [EXTERNAL_DOWNLOADS]: The skill references external endpoints on inference.sh for documentation and installation of the required CLI tool via npx. These resources are consistent with the vendor's platform and the skill's stated functionality.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 12, 2026, 08:26 AM