gpt-image-v2
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill defines interactions with the official EachLabs API (api.eachlabs.ai), which is the verified domain of the skill author (eachlabs). All network operations are directed to this vendor-owned infrastructure.
- [SAFE]: The documentation adheres to security best practices by instructing users to manage credentials via environment variables (EACHLABS_API_KEY) and provides placeholders instead of hardcoded secrets.
- [PROMPT_INJECTION]: The skill provides an interface for the agent to process user-supplied natural language prompts for image generation and editing. While this constitutes a surface for indirect prompt injection (Category 8), it is necessary for the skill's primary function. The skill includes a security constraint to validate model schemas via the API before constructing inputs, which serves as a mitigation measure.
Audit Metadata