Skills
skills/wxul/openrouter-generate-image-skill/generate-image/Gen Agent Trust Hub

generate-image

Warn

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script generate-image.ts is vulnerable to path traversal. The --dir and --output arguments are used in path.join and path.resolve without sanitization, allowing a user-provided prompt to potentially trigger the writing or overwriting of sensitive files outside the intended directory (e.g., ~/.bashrc).
  • [EXTERNAL_DOWNLOADS]: The skill uses npx tsx to execute its logic. This triggers the download and execution of the tsx package and its dependencies from the npm registry at runtime.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data and has significant system capabilities.
  • Ingestion points: The prompt argument in generate-image.ts accepts arbitrary user-controlled text.
  • Boundary markers: None. The prompt is interpolated directly into a JSON request body for an external API.
  • Capability inventory: The script has file system write access (writeFileSync), directory creation (mkdirSync), and network access via the https module.
  • Sanitization: There is no sanitization or validation performed on the user-provided prompt or the resulting output paths.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 16, 2026, 09:46 AM