openai-image-gen
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill interacts with the official OpenAI API (
api.openai.com) to generate and retrieve image data. This is a well-known service, and the network activity is consistent with the skill's primary purpose. - [DATA_EXFILTRATION]: The script uses the
OPENAI_API_KEYenvironment variable to authenticate POST requests. The API key is transmitted only to the trusted OpenAI domain. - [SAFE]: Local file system operations are limited to creating a timestamped output directory and writing image files, a JSON manifest, and an HTML gallery. The script includes a
slugifyfunction to sanitize filenames derived from prompts, preventing potential file path issues or directory traversal.
Audit Metadata