openai-image-gen

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE
Finding: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it takes external input (prompts) and uses it to perform network and file operations.
  • Ingestion points: The --prompt command-line argument in scripts/gen.py accepts arbitrary text.
  • Boundary markers: No delimiters or instructions are used to separate user-provided content from the system logic when building the API request or the HTML gallery.
  • Capability inventory: The script can make network requests to the OpenAI API, download files from remote URLs via urllib.request.urlretrieve, and write files to the local file system (images, JSON, and HTML).
  • Sanitization: Filenames are sanitized via a slugify function to prevent path traversal, but the prompt text is inserted directly into the index.html file using f-strings without HTML escaping. This allows HTML injection if a malicious prompt (e.g., one containing <script> tags) is provided.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 9, 2026, 09:12 PM