ai-image
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (SAFE): The skill accepts user-defined prompts and output paths, which is necessary for its function. While this presents an ingestion surface for untrusted data, the risk is mitigated by the intended use case. * Ingestion points: --prompt and --output arguments in main.py. * Boundary markers: None present in prompt construction. * Capability inventory: Binary file writing to the local filesystem. * Sanitization: None performed on input strings.
- [External Downloads] (SAFE): Network operations are restricted to communication with the OpenAI API and downloading resulting image data from API-provided URLs. OpenAI is a trusted external source.
- [Command Execution] (SAFE): CLI execution follows standard patterns with no evidence of shell injection or unauthorized privilege escalation.
Audit Metadata