Trust Assessment
imagen received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Potential arbitrary file write via user-controlled output path.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Potential arbitrary file write via user-controlled output path. The skill description states that generated images are saved to a 'specified location' which can be provided by the user. If the underlying script (`scripts/generate_image.py`) does not properly sanitize or restrict the output path provided by the user, an attacker could specify an arbitrary file path. This could lead to overwriting existing files, writing to sensitive directories, or causing a denial of service by filling up disk space or corrupting system files. The `scripts/generate_image.py` script must implement strict validation and sanitization of the output file path. This should include restricting output paths to a designated, sandboxed directory, preventing directory traversal (e.g., `../`), and ensuring the path is not an absolute path outside the skill's designated workspace. | LLM | SKILL.md:27 |