image-gen
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements legitimate image generation functionality via the official OpenAI API. All network communications target the well-known and trusted 'api.openai.com' domain.
- [SAFE]: API credentials are handled securely through environment variables (OPENAI_API_KEY). No hardcoded secrets, tokens, or private keys were detected in the source code or documentation.
- [SAFE]: File operations are restricted to local directories and standard temporary paths. The skill uses appropriate sanitization techniques, such as slugifying prompts for filenames, to prevent directory traversal or file system exploitation.
- [SAFE]: The code utilizes standard system libraries (urllib in Python, https and fs in Node.js) for its operations. No dangerous dynamic code execution (e.g., eval or exec) or unauthorized privilege escalation patterns were identified.
- [SAFE]: Built-in prompt validation ensures that user-provided inputs fall within safe length constraints, and the skill provides clear error handling for API-level content policy violations.
Audit Metadata