generate-image
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
- [DATA_EXFILTRATION] (HIGH): The load_image_as_base64 function in scripts/generate_image.py reads files from arbitrary paths provided via the --input argument and sends their base64-encoded content to the OpenRouter API. This allows for the exfiltration of sensitive data like SSH keys or environment files if the agent is manipulated into using those paths.
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8). Mandatory Evidence Chain: (1) Ingestion points: prompt and input_image path in scripts/generate_image.py; (2) Boundary markers: Absent; (3) Capability inventory: Network access (requests.post), file read (open), and file write (open); (4) Sanitization: Absent.
- [COMMAND_EXECUTION] (MEDIUM): The script performs file operations (read and write) using unvalidated paths from command-line arguments, which could be exploited for path traversal or unauthorized file access.
- [CREDENTIALS_UNSAFE] (MEDIUM): The check_env_file function recursively searches parent directories for .env files containing OPENROUTER_API_KEY, which may lead to the exposure of secrets located outside the skill's directory.
Recommendations
- AI detected serious security threats
Audit Metadata