wangyan-gemini-image-gen
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation provides instructions for installing the
uvpackage manager using a piped shell command fromastral.sh. Astral is the well-known developer of theuvandrufftools, making this a reference to a trusted service. - [COMMAND_EXECUTION]: The skill uses
uv runto execute its internal image generation script. This is the intended primary purpose of the skill and follows standard execution patterns for Python-based agent skills. - [EXTERNAL_DOWNLOADS]: The skill's Python script (
generate_image.py) includes a feature to download generated images from a model-provided URL if the API returns a link instead of raw data. This is a standard functional requirement for image generation tasks. - [CREDENTIALS_UNSAFE]: The documentation and code include examples and placeholders for API keys (e.g.,
sk-xxx,your-api-key). These are clearly identified as placeholders and do not contain actual hardcoded secrets.
Audit Metadata