gpt-image-2

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE
[EXTERNAL_DOWNLOADS] [PROMPT_INJECTION] [DATA_EXFILTRATION]
Full Analysis
  • [PROMPT_INJECTION]: The skill utilizes a library of over 80 structured templates that interpolate user-provided text to form final image generation prompts. This creates a surface for indirect prompt injection where malicious input could influence the generated prompt.
      • Ingestion points: User-supplied strings via --prompt and --promptfile arguments in generate.js and edit.js.
      • Boundary markers: Absent. Inputs are directly interpolated into template strings.
      • Capability inventory: Network access (fetch) and file system write (writeFile) are utilized across the execution scripts.
      • Sanitization: Prompt text is trimmed but not escaped; filenames generated from prompts are sanitized via a slugify function.
  • [EXTERNAL_DOWNLOADS]: The skill fetches binary image data from remote URLs returned by the configured image generation gateway.
      • Evidence: The fetchBytesFromUrl function in scripts/shared.js downloads data from URLs provided in the API response. This is standard behavior for OpenAI-compatible image APIs.
  • [DATA_EXFILTRATION]: The skill reads local configuration files, including those in the user's home directory, to retrieve API keys and endpoint settings.
      • Evidence: scripts/shared.js automatically loads environment variables from .env, .gateway.env, and ~/.gateway.env. While used for legitimate configuration, this involves accessing sensitive file paths.
Audit Metadata
Risk Level: SAFE
Analyzed: May 8, 2026, 12:59 PM