tuzi-image-gen
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/providers/google.ts` uses `execSync` to run `curl` commands when a proxy is configured. The shell command is constructed by interpolating environment variables like `HTTPS_PROXY` and `GOOGLE_BASE_URL` without sufficient sanitization, which could allow shell injection if these environment variables are maliciously set.
- [EXTERNAL_DOWNLOADS]: The skill makes network requests to several external image generation services, including the vendor's own API at `api.tu-zi.com` and well-known services from Google, OpenAI, Alibaba (DashScope), and Replicate. These are documented neutrally as well-known service endpoints.
- [DATA_EXFILTRATION]: The skill is designed to load and use sensitive credentials from the local file system. It reads `.env` files from the project root and the user's home directory (`~/.tuzi-skills/.env`), transmitting the discovered API keys to the respective external providers.
- [PROMPT_INJECTION]: The skill handles untrusted data that could be used for indirect injection.
  - Ingestion points: Prompt data is ingested from CLI arguments and files (`--promptfiles`), and configuration is loaded from `EXTEND.md` files.
  - Boundary markers: No specific boundary markers are used to delimit user-provided prompt content when it is forwarded to external APIs.
  - Capability inventory: The skill has the capability to execute shell commands, perform network operations, and modify the local file system.
  - Sanitization: The implementation does not appear to sanitize prompt strings or configuration values sourced from the environment before use in API calls or shell commands.