The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The script communicates exclusively with OpenAI's official API endpoint (https://api.openai.com/v1/images/generations) to generate images. This is the primary intended purpose of the skill and uses a well-known service domain.- [CREDENTIALS_UNSAFE]: The skill correctly manages authentication by retrieving the OPENAI_API_KEY from the environment variables (os.environ.get("OPENAI_API_KEY")). No hardcoded keys or secrets were found in the source code.- [DATA_EXFILTRATION]: Network operations are limited to sending prompts to OpenAI and downloading the resulting image assets from URLs returned by the API. There is no evidence of unauthorized data collection or transmission to third-party servers.- [COMMAND_EXECUTION]: The script uses standard Python libraries for file system operations (pathlib) and HTTP requests (urllib). It does not invoke risky shell commands or subprocesses.- [INDIRECT_PROMPT_INJECTION]: While the skill accepts user-provided prompts via the --prompt flag, these are passed directly as data strings to the OpenAI API. The skill does not perform any complex instruction parsing or dynamic code generation based on this input that would create an injection risk for the local environment.

openai-image-gen