google-image-gen

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill takes user-supplied strings as <prompt> arguments for a Python script executed via Bash.
      • Ingestion points: User input passed directly to main.py as a command-line argument.
      • Boundary markers: None. There are no instructions to sanitize input or wrap it in delimiters to prevent command injection or model manipulation.
      • Capability inventory: The skill uses the Bash tool, allowing it to execute arbitrary commands and modify the filesystem (explicitly instructed to use ../../../ to reach the project root).
      • Sanitization: None observed in the provided instructions.
  • [Unverifiable Dependencies & Remote Code Execution] (MEDIUM): The setup process executes a local shell script (check_env.sh) and uv sync.
      • Evidence: The contents of check_env.sh and the dependency manifest (implied by uv sync) are not provided for analysis, representing a risk of executing unverified code during environment initialization.
  • [Command Execution] (MEDIUM): The skill relies on the high-privilege Bash tool for all operations, including image generation and environment setup. While necessary for the stated functionality, this increases the impact of any successful injection attack.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 12:48 PM