image-studio
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses a local environment file (.labnana.env) to manage API credentials, correctly instructing users to keep this file private and preventing accidental disclosure in logs or conversations.
- [SAFE]: External communication is restricted to legitimate endpoints for image generation services (api.labnana.com and generativelanguage.googleapis.com), with no signs of data exfiltration to unauthorized domains.
- [SAFE]: The execution logic is encapsulated in a dedicated Python script that uses standard libraries for networking and file operations, avoiding unsafe practices like dynamic code evaluation or remote script execution.
- [SAFE]: The workflow incorporates four explicit user confirmation stages using the AskUserQuestion tool, ensuring the agent does not perform file writes or network requests without direct oversight.
- [SAFE]: Prompt construction uses static templates that clearly separate system specifications from user-provided content, reducing the risk of accidental prompt injection and maintaining control over the model's behavior.
Audit Metadata