Skills
skills/pilioai/skills/gpt-image-2/Gen Agent Trust Hub

gpt-image-2

Pass

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses pnpm dlx @pilio/cli to download and execute the vendor's official CLI tool. This is standard functionality for accessing the Pilio API.
  • [COMMAND_EXECUTION]: Executes shell commands via the Pilio CLI to perform image tasks. The commands are scoped to the tool's intended purpose.
  • [CREDENTIALS_SAFE]: Specifically instructs the agent to use the PILIO_API_KEY from the environment and prohibits asking the user to provide keys in the conversation, adhering to security best practices.
  • [DATA_EXPOSURE]: Accesses local image files as reference inputs for image generation. This is a core feature of the skill and the data is sent to the vendor's API.
  • [PROMPT_INJECTION]: The skill accepts user-provided text prompts for image generation. While this is an indirect injection surface, it is the primary purpose of the tool, and the documentation suggests using quotes to delimit the input.
Audit Metadata
Risk Level
SAFE
Analyzed
May 3, 2026, 05:18 AM