openai-image-generation
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The script generate_image.sh uses curl to communicate with api.openai.com. While this is the intended functionality of the skill, it involves network requests to a domain that is not whitelisted under the security framework.
- [COMMAND_EXECUTION] (SAFE): The skill executes shell scripts and Bun commands. Analysis of generate_image.sh shows that input variables (such as --prompt) are handled with jq --arg, so user-supplied text is encoded as a JSON string value rather than spliced into the request body or re-evaluated by the shell; this prevents shell command injection. Arguments are generally well-quoted throughout the script.
- [DATA_EXFILTRATION] (LOW): The script allows the user or agent to specify an --input-image path. That file is then uploaded to OpenAI's API via curl -F. While intended for image editing, a malicious actor could use indirect prompt injection to trick the agent into uploading sensitive text files (for example .env files or SSH keys) by passing their paths to the --input-image parameter.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill exposes an attack surface for indirect prompt injection.
  - Ingestion points: The --input-image and --mask parameters in generate_image.sh allow reading any file accessible to the agent process.
  - Boundary markers: No markers or validation steps are present to ensure the files provided are actually images before transmission.
  - Capability inventory: The skill can read local files (curl -F "image=@...") and perform network operations to an external API.
  - Sanitization: There is no sanitization or file-type validation (for example checking magic bytes) on the input files.
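The two controls discussed above, as an added example that is not the skill's own generate_image.sh: a magic-byte check on the --input-image and --mask paths before they reach curl -F, and the jq --arg construction credited in the COMMAND_EXECUTION finding. The function names (is_image_file, check_upload_inputs, build_body) and the set of accepted image formats are assumptions made for illustration; the sample files in the usage section are constructed.

```shell
#!/usr/bin/env bash
# Added example, not code from the audited skill. Names and format list are assumptions.

# Return 0 if the file begins with a PNG, JPEG, GIF or WebP signature, 1 otherwise.
# Only the first 12 bytes are read, so a .env file or an SSH private key passed as
# --input-image is rejected before any network call is made.
is_image_file() {
  local path="$1"
  [ -f "$path" ] || return 1
  local hex
  # dd reads at most 12 bytes; od prints them as space-separated lowercase hex; tr joins them.
  hex=$(dd if="$path" bs=12 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')
  case "$hex" in
    89504e470d0a1a0a*)          return 0 ;;  # PNG: 89 'P' 'N' 'G' CR LF 1A LF
    ffd8ff*)                    return 0 ;;  # JPEG: FF D8 FF
    474946383[79]61*)           return 0 ;;  # GIF87a / GIF89a
    52494646????????57454250*)  return 0 ;;  # WebP: "RIFF" <4-byte size> "WEBP"
    *)                          return 1 ;;
  esac
}

# Validate every local path that would be handed to curl -F "name=@path".
# Returns 2 and uploads nothing if any path fails the magic-byte check.
check_upload_inputs() {
  local p
  for p in "$@"; do
    if ! is_image_file "$p"; then
      printf 'refusing to upload non-image file: %s\n' "$p" >&2
      return 2
    fi
  done
  return 0
}

# Build the JSON request body with jq --arg: the prompt becomes a JSON string value,
# so quotes, braces or $(...) in it are data, never shell syntax or JSON structure.
# Only the prompt key is shown; the real request carries more fields.
build_body() {
  local prompt="$1"
  jq -n --arg p "$prompt" '{prompt: $p}'
}

# Usage sketch (the curl line is where the skill would upload; not executed here):
#   check_upload_inputs "$input_image" "$mask" || exit 2
#   curl -F "image=@$input_image" -F "mask=@$mask" ... https://api.openai.com/...
```

The check closes the specific path the audit describes (a text secret passed as --input-image), but it is a format check, not a content check: a genuine PNG with sensitive data embedded in it still passes, so it should be paired with restricting the agent's readable paths rather than relied on alone.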
Audit Metadata