imagegen
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is well-documented and its functionality matches its stated purpose of managing image generation and editing tasks.
- [EXTERNAL_DOWNLOADS]: The skill requires standard Python packages (
openai,pillow) which are well-known and hosted on official registries. Documented usage ofuvorpipfor installation is standard practice. - [COMMAND_EXECUTION]: All operations are performed via the included
scripts/image_gen.py. The script uses standard libraries to handle command-line arguments and interact with the OpenAI SDK. - [CREDENTIALS_UNSAFE]: The skill correctly handles sensitive credentials by instructing the user to set the
OPENAI_API_KEYas an environment variable and explicitly warns against pasting the key into the chat. - [DATA_EXFILTRATION]: Network activity is restricted to official OpenAI API endpoints required for the skill's primary function. There is no evidence of unauthorized data collection or transmission to third-party servers.
- [PROMPT_INJECTION]: The skill uses a 'prompt augmentation' technique that wraps user input into a structured template (e.g., 'Primary request: <user_input>'). This provides a layer of separation between user data and instructions.
- [SAFE]: File system operations are localized to specific project directories (
tmp/imagegen/andoutput/imagegen/) for temporary and final artifacts.
Audit Metadata