gpt-image-playground
Warn
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill documentation includes examples of passing the OpenAI API key as a URL query parameter (e.g.,
?apiKey=sk-xxxx). This practice is insecure as it exposes sensitive credentials in browser history, local logs, and referring headers. - [EXTERNAL_DOWNLOADS]: The setup process requires fetching code and container images from external sources, specifically
github.com/CookSleep/gpt_image_playground.gitandghcr.io/cooksleep/gpt_image_playground, which are not associated with trusted organizations. - [COMMAND_EXECUTION]: The skill instructs the agent/user to execute shell commands for cloning repositories, installing Node.js dependencies (
npm install), and running Docker containers, which leads to the execution of code from external and unverifiable sources.
Audit Metadata