generate-image
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION] (SAFE): The script transmits text prompts and base64-encoded image data to https://openrouter.ai/api/v1/chat/completions. This is the intended behavior for an image generation tool and targets a known AI service.\n- [CREDENTIALS_UNSAFE] (SAFE): The script retrieves the OPENROUTER_API_KEY from .env files or environment variables. No hardcoded credentials or unauthorized data exfiltration were detected.\n- [EXTERNAL_DOWNLOADS] (SAFE): The skill identifies a dependency on the standard Python requests library and provides instructions for its installation via pip.\n- [PROMPT_INJECTION] (LOW): The skill has an indirect prompt injection surface as it processes external prompts and images.\n
- Ingestion points: prompt argument and --input image path in scripts/generate_image.py.\n
- Boundary markers: Absent; input is placed directly into the API request structure.\n
- Capability inventory: requests.post for API interaction and local file writing in scripts/generate_image.py.\n
- Sanitization: No content filtering is performed on the input prompt. This is a low-risk finding inherent to the tool's purpose.
Audit Metadata