Skills
skills/tuziapi/tuzi-skills/baoyu-image-gen/Gen Agent Trust Hub

baoyu-image-gen

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses execSync in scripts/providers/google.ts to execute curl for API requests. This is implemented as a specific workaround for known Bun runtime limitations regarding HTTP proxies and long-lived socket connections.
  • [EXTERNAL_DOWNLOADS]: To perform its primary function, the skill connects to several external AI service endpoints, including Google's Generative Language API, OpenAI's API, Alibaba's DashScope, Replicate, and the vendor's Tuzi API (api.tu-zi.com).
  • [PROMPT_INJECTION]: The skill processes user-defined prompts and local files for image generation. It identifies an attack surface for indirect prompt injection (Category 8) as it interpolates untrusted data into API requests without internal sanitization, relying on the safety filters of the destination AI models.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 5, 2026, 01:05 PM