gpt-image-2
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The Python script
scripts/gpt_image_2.pyutilizes thesubprocess.runfunction to interact with external system utilities. It callssopsto securely decrypt API keys from encrypted YAML files and usesmagick(ImageMagick) to perform image resizing and create contact sheets. These calls are constructed using lists of arguments without shell interpolation, providing protection against command injection. - [EXTERNAL_DOWNLOADS]: The skill performs network requests to
api.openai.comandopenrouter.aito transmit image generation prompts and receive generated image data. These are well-known and trusted service providers essential to the skill's operation. - [CREDENTIALS_UNSAFE]: Secret management is handled by attempting to retrieve API keys from environment variables or by decrypting authorized secret files using
sops. This approach is a standard security best practice for managing sensitive credentials without hardcoding them in the source code.
Audit Metadata