imagegen
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (SAFE): The skill installs the 'openai' and 'pillow' packages from standard registries. 'openai' is a trusted source, and 'pillow' is a well-known library.
- COMMAND_EXECUTION (SAFE): The skill executes a bundled script 'scripts/image_gen.py' to perform its primary function, which is expected behavior.
- PROMPT_INJECTION (LOW): The skill presents a surface for indirect prompt injection (Category 8).
  - Ingestion points: User-provided prompts and asset descriptions enter the context in the workflow defined in 'SKILL.md'.
  - Boundary markers: The skill employs a structured 'Prompt augmentation' template to wrap user inputs into a labeled specification.
  - Capability inventory: The skill has the ability to execute scripts and perform outbound network requests to the OpenAI API.
  - Sanitization: Prompt augmentation rules advise against 'inventing new creative requirements', but no formal sanitization or filtering of prompt content is present.
- CREDENTIALS_UNSAFE (SAFE): The skill handles 'OPENAI_API_KEY' by requesting users set it as an environment variable and explicitly warns against sharing keys in the chat.
- Best Practice Violation (LOW): The file 'references/codex-network.md' advises users to disable network approval prompts ('approval_policy = "never"'), which reduces the security of the host environment.
Audit Metadata