agent-gen-image
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates image generation tasks by executing the
rawgenaiCLI utility with various provider-specific arguments and subcommands.\n- [EXTERNAL_DOWNLOADS]: The skill requires the installation of therawgenaitool via a Homebrew tap (WHQ25/tap/rawgenai). This is an external dependency hosted by the skill author and is considered a legitimate vendor resource within the analysis context.\n- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it interpolates user-provided text directly into shell commands for therawgenaitool. - Ingestion points: User prompts and reference image file paths provided during interaction.
- Boundary markers: Prompts are generally enclosed in double quotes within the CLI command templates.
- Capability inventory: The
rawgenaitool interacts with external AI provider APIs and performs file system operations to save generated images. - Sanitization: The instructions do not describe any explicit input sanitization or validation before passing user content to the command-line interface.
Audit Metadata