google-image-gen
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: Executes setup scripts and the main application using Bash commands (${CLAUDE_PLUGIN_ROOT}/scripts/check_env.sh, uv sync, main.py). These are internal vendor scripts.
- [PROMPT_INJECTION]: Features an indirect prompt injection surface common to generative AI tools.
- Ingestion points: Processes user-supplied text prompts via CLI arguments and style templates from local markdown files.
- Boundary markers: No explicit delimiters or boundary markers are defined in the SKILL.md to isolate user-provided data from system instructions.
- Capability inventory: Utilizes the Bash tool to execute python scripts that interface with external APIs.
- Sanitization: No input validation or sanitization routines are specified in the skill's instructions.
- [CREDENTIALS_UNSAFE]: References management of the GOOGLE_AI_API_KEY and points to a sensitive local configuration path (~/.config/google-image-gen/.env). This is documented for configuration purposes and does not involve hardcoded secrets or exfiltration.
Audit Metadata