skills/tinyagi/tinyclaw/imagegen/Gen Agent Trust Hub

imagegen

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill features a surface for indirect prompt injection as it interpolates user-controlled strings into the final prompts sent to the image generation model.
      • Ingestion points: Ingests user-provided text through command-line arguments and external prompt files read by scripts/image_gen.py.
      • Boundary markers: Employs labeled sections (e.g., 'Primary request:', 'Constraints:') to structure prompts, but lacks cryptographic delimiters or explicit instructions to the model to ignore potential directives embedded within the user input.
      • Capability inventory: The skill is capable of executing its own Python CLI, writing image and temporary data files to the disk, and performing network operations via the OpenAI API.
      • Sanitization: Input strings are largely unsanitized before being added to the API payload, with sanitization limited to filename-safe slugification for output files.
  • [EXTERNAL_DOWNLOADS]: The skill requires external dependencies and communicates with a well-known service provider.
      • Evidence: References and installs the openai and pillow Python packages from public registries.
      • Evidence: Makes legitimate outbound requests to OpenAI's official API domains to perform image generation and editing.
  • [COMMAND_EXECUTION]: The skill uses a bundled command-line utility to interface with the external API.
      • Evidence: Executes the internal script scripts/image_gen.py to handle the logic for image creation, editing, and batch processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 01:34 PM