image-generation
Warn
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script located at an absolute path (/Users/zilliz/zilliz/marketing-skills/skills/image-generation/scripts/generate_image.py). The script itself is not included in the skill files, making its behavior unverifiable.
- [COMMAND_EXECUTION]: User-controlled input is directly interpolated into a shell command via the --prompt and --output arguments. Without explicit sanitization or escaping, this creates a risk of command injection or arbitrary file writes depending on how the script handles these arguments.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it constructs command arguments from untrusted user descriptions.
  - Ingestion points: User-provided visual requirements, style preferences, and output paths defined in SKILL.md.
  - Boundary markers: The skill does not employ boundary markers or protective delimiters when passing user strings to the execution script.
  - Capability inventory: The skill invokes a Python subprocess with the ability to write files to the local file system.
  - Sanitization: No sanitization, validation, or escaping logic is described for the prompt or path strings before they are passed to the shell.
- [PROMPT_INJECTION]: The skill references fabricated AI model names such as "Gemini Nano Banana 2" and "gemini-3.1-flash-image-preview". This deceptive metadata could be used to bypass safety expectations or misrepresent the skill's actual processing logic.
Audit Metadata