god-tibo-imagen
Warn
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill is designed to read and reuse authentication tokens stored in the local file `~/.codex/auth.json`. This file contains sensitive session data for the Codex/ChatGPT service.
- [EXTERNAL_DOWNLOADS]: The skill requires downloading and installing third-party packages from the NPM and PyPI registries (`god-tibo-imagen`). It also suggests adding skills via a remote GitHub repository.
- [COMMAND_EXECUTION]: The skill relies on shell command execution for its primary functionality, including package management (`npm`, `pip`, `npx`) and the core image generation tool (`gti`).
- [DATA_EXFILTRATION]: By reading local credential files while having permissions for `WebFetch` and `Bash`, the skill possesses the technical capability to exfiltrate authentication tokens to external servers.
- [PROMPT_INJECTION]: The skill processes untrusted inputs from users and external image files, creating a surface for indirect prompt injection.
  - Ingestion points: CLI prompt strings and reference images passed via the `--input` argument.
  - Boundary markers: The skill lacks explicit boundary markers or instructions to disregard embedded commands in user-provided content.
  - Capability inventory: Access to `Bash`, `WebFetch`, `Read`, and `Write` tools across its lifecycle.
  - Sanitization: No mention of input validation or sanitization of the multimodal data processed at runtime.
Audit Metadata