volcengine-image-gen
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: HIGH (CREDENTIALS_UNSAFE, DATA_EXFILTRATION)
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): A hardcoded API key was detected in the .env file (VOLCENGINE_IMAGE_API_KEY). This poses a significant risk as the key is stored in plain text and could be compromised if the skill's source code is shared or accessed by unauthorized parties.
- [DATA_EXFILTRATION] (LOW): The skill is configured to send data, including user-provided prompts and the API key, to an external endpoint (ark.cn-beijing.volces.com). While this is the functional purpose of the skill, it constitutes a data transmission to a third-party service.
Recommendations
- AI detected serious security threats