Image Gen — AI 图像生成

Name: wpsnote-skills/image-gen
Author: wpsnote

View on GitHub↗

Share on X Share on LinkedIn Share on Bluesky

100Critical

The skill is vulnerable to prompt injection, exposes API

ThreatsCI SM CS BC S HITL

incomplete

Behavior Analysis

Description verified — behavior matches claim

Claims to do

Image Gen — AI 图像生成: 支持文生图 + 图生图，自动管理 API Key，生成结果可直接插入 WPS 笔记。

Actually does

The skill executes a Python script (`comm_script/image_gen.py`) to generate images via OpenRouter, Alibaba Cloud Bailian, Volcengine Ark, or Google Gemini APIs. It encrypts and stores API keys in WPS notes using `wpsnote-cli` for persistence. Generated images are saved locally and can be inserted into WPS notes using `wpsnote-cli` or a fallback MCP function.

Threat Analysis

AI Agent Traps ↗Scanned 5/5/2026

Content InjectionPerception1 finding

Semantic ManipulationReasoningclean

Cognitive StateMemory & Learningclean

Behavioural ControlAction3 findings

SystemicMulti-Agent Dynamicsclean

Human-in-the-LoopHuman Overseerclean

Skill Info

Namewpsnote/wpsnote-skills/image-gen

Registrygithub

Version35267e6c6a7b

PURLpkg:github/wpsnote/wpsnote-skills@35267e6c6a7b?skill=image-gen

Stars130

Installs9

Source

Repository ↗SKILL.md ↗

SHA-2566e292ce2d71f...

SHA-1055023af7a7f...

MD550b0473da1cf...

TLSH3302d92ebdf9...

ssdeep192:7NGOVzEo...

Size8,529 bytes

Install

This skill has been flagged as potentially malicious. Review the findings below before installing.

GitHub

https://github.com/wpsnote/wpsnote-skills

9 installs

Claude CodeDocs

/plugin marketplace add wpsnote/wpsnote-skills

/plugin install image-gen@wpsnote/wpsnote-skills

Skills.shDocs

npx skills add https://github.com/wpsnote/wpsnote-skills

Assessments (2)

AI Agent Traps ↗

Prompt Injection Detectedcriticalprompt injection

DeBERTa classifier detected prompt injection (confidence: 0.98)

98% confidence

Third-party MCP Plugin Credential Exposurehighsupply chain

The skill explicitly warns that third-party MCP plugins can read encrypted API keys from WPS Notes, indicating a significant supply chain risk where malicious plugins could steal sensitive credentials.

100% confidence

⚠️ 如果你添加了第三方 MCP 插件，该插件可读取笔记内容（含密文）

Custom API Key Encryption and Sensitive Script Executionhighhardcoded secrets

The skill implements a custom AES encryption for API keys, deriving the key from device/note IDs. Raw user-provided API keys are passed as command-line arguments to a local Python script for encryption, creating a sensitive attack surface for credential harvesting or manipulation if the script or environment is compromised.

100% confidence

python3 comm_script/image_gen.py encrypt-key ... --key "{用户提供的Key}"

Potential for Local File Exfiltration via Image Insertionlowdata exfiltration

The `wpsnote-cli insert-image` command and its MCP fallback can insert images from local paths. If the `src` parameter can be manipulated by an attacker, it could potentially be used to exfiltrate arbitrary local files by embedding them into notes.

100% confidence

wpsnote-cli insert-image --src "{图片本地路径或URL}"

Badge

Markdown

[![Mondoo Skill Check](https://mondoo.com/ai-agent-security/api/badge/github/wpsnote/wpsnote-skills/image-gen.svg)](https://mondoo.com/ai-agent-security/skills/github/wpsnote/wpsnote-skills/image-gen)

HTML

<a href="https://mondoo.com/ai-agent-security/skills/github/wpsnote/wpsnote-skills/image-gen"><img src="https://mondoo.com/ai-agent-security/api/badge/github/wpsnote/wpsnote-skills/image-gen.svg" alt="Mondoo Skill Check" /></a>

Image URL

https://mondoo.com/ai-agent-security/api/badge/github/wpsnote/wpsnote-skills/image-gen.svg

Secure your AI agents

Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.

Continuous scanning of skills across all registries
Policy enforcement before skills reach your agents
Integration with your existing security workflow