openai-image-gen
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill safely handles the
OPENAI_API_KEYby requiring it as an environment variable rather than hardcoding it. - [EXTERNAL_DOWNLOADS]: The script communicates with the official OpenAI API endpoint (
api.openai.com) and downloads generated images from the URLs provided by the service. - [COMMAND_EXECUTION]: The skill uses standard file system operations to save images and generate an HTML gallery. No dangerous or arbitrary command execution patterns were detected.
- [PROMPT_INJECTION]: The skill processes user-defined prompts. It mitigates potential cross-site scripting (XSS) risks by using
html.escapeto sanitize prompts and filenames before including them in the generatedindex.htmlgallery.
Audit Metadata