openai-image-gen

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill follows secure coding practices, including sanitizing filenames to prevent path traversal and escaping HTML content in the generated output gallery to prevent cross-site scripting (XSS). No malicious patterns such as obfuscation or persistence mechanisms were detected.
  • [EXTERNAL_DOWNLOADS]: Fetches image data from OpenAI's official API endpoints. These are well-known services and the activity is restricted to the skill's intended purpose of image generation.
  • [DATA_EXFILTRATION]: Transmits the OPENAI_API_KEY to the official OpenAI API host (api.openai.com) for authentication. This is a legitimate use of credentials for a well-known service, as described in the skill's purpose.
  • [COMMAND_EXECUTION]: Documentation provides standard shell commands for running the local Python generator script and viewing the resulting gallery file.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 14, 2026, 12:13 AM