sprite-sheet-generator

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • Indirect Prompt Injection (SAFE): The skill processes local files and uses their filenames as CSS class names. This is a potential injection surface for malicious filenames, but is considered standard functionality for this type of utility.
      • Ingestion points: scripts/sprite_sheet_generator.py reads filenames from a directory using add_images_from_dir.
      • Boundary markers: Absent.
      • Capability inventory: Local file writing via PIL.Image.save and Python's open().write.
      • Sanitization: Filenames are not sanitized before being interpolated into the CSS string.
  • External Downloads (SAFE): The skill requires pillow, which is a well-known, trusted, and standard Python library for image manipulation.
  • Data Exposure & Exfiltration (SAFE): No sensitive files are accessed, and no network operations are present to exfiltrate data.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 04:33 PM