openai-image-vision
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because it processes images from external URLs or local paths that may contain text instructions (read via OCR) designed to influence the agent's behavior. This is an inherent risk of vision-based AI features.
  - Ingestion points: scripts/vision.sh accepts a file path or URL as the first argument.
  - Boundary markers: No specific instructions are added to the API prompt to tell the model to ignore instructions found within the images.
  - Capability inventory: The skill can perform network requests via curl and execute system utilities for image processing.
  - Sanitization: The script escapes double quotes in the user's question before embedding it in the JSON payload.
- [COMMAND_EXECUTION]: The script executes standard system utilities including curl, base64, sips (macOS), and convert (ImageMagick) to perform its intended functions. These commands are used correctly with variable quoting to prevent simple shell injection.
- [EXTERNAL_DOWNLOADS]: The skill makes outbound HTTPS requests to api.openai.com, which is a well-known and trusted service. No executable code or scripts are downloaded for execution.
Audit Metadata