Skills
skills/tul-sh/skills/og-image-design/Gen Agent Trust Hub

og-image-design

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the infsh command-line tool to run various image generation and search applications on the inference.sh platform. These commands are consistent with the skill's stated purpose.
  • [EXTERNAL_DOWNLOADS]: The skill references the installation of additional tools from the inference-sh/skills repository using the npx skills add command. These are vendor-controlled resources intended for extending the agent's capabilities.
  • [PROMPT_INJECTION]: The skill's use of the html-to-image application involves rendering raw HTML provided as input. This creates a surface for indirect prompt injection if the agent interpolates untrusted data into these HTML templates.
  • Ingestion points: Input JSON strings in SKILL.md code blocks.
  • Boundary markers: None present in the examples.
  • Capability inventory: CLI execution of infsh for image rendering and search.
  • Sanitization: No sanitization or escaping of input data is described in the templates.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 12, 2026, 08:26 AM