tuzi-image-gen

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes external system commands for utility purposes.
      • scripts/providers/google.ts uses execSync to run curl for making API requests when a proxy is detected, working around known issues with the runtime's native fetch implementation.
      • scripts/providers/tuzi.ts uses spawn to execute sips (on macOS) or convert (ImageMagick) to compress reference images before transmission.
  • [EXTERNAL_DOWNLOADS]: The skill interacts with several external AI service providers to generate and download images.
      • Fetches content from the author's official API at api.tu-zi.com.
      • Communicates with well-known service providers including Google (generativelanguage.googleapis.com), OpenAI (api.openai.com), DashScope (dashscope.aliyuncs.com), and Replicate (api.replicate.com).
  • [DATA_EXPOSURE]: The skill implements a standard secret management pattern by reading and writing API keys to .env files located in project-specific (.tuzi-skills/) and user-home ($HOME/.tuzi-skills/) directories. This is explicitly documented in the setup guide to help users manage their credentials securely.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 27, 2026, 12:07 AM