gpt-image-2
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill relies exclusively on the Python standard library, which eliminates risks associated with third-party supply chain attacks or unverified external dependencies.
- [COMMAND_EXECUTION]: The inclusion of `subprocess.run` in the `tests/test_gpt_image.py` file is used solely for executing the skill's own CLI script during automated regression testing. This is a standard development practice and does not pose a security risk in the context of the agent's runtime environment.
- [DATA_EXFILTRATION]: While the skill reads local files (images and masks) and sends them to a remote API endpoint, this is the intended and documented functionality of the tool. The destination URL and the files to be accessed are explicitly controlled by the user through configuration or command-line arguments.
- [EXTERNAL_DOWNLOADS]: The skill connects to well-known OpenAI API endpoints by default. Users can configure a custom base URL, which is a standard feature for OpenAI-compatible gateways.
Audit Metadata