gpt-image-2

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE · COMMAND_EXECUTION · PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the local codex CLI and python3 via a bash script to perform image generation and payload extraction. It uses safe subprocess invocation patterns, passing user-provided prompts via standard input rather than shell arguments to prevent command injection.
  • [PROMPT_INJECTION]: The skill accepts user-provided prompts and reference images which are passed to the codex CLI for image generation, creating a surface for indirect prompt injection.
      • Ingestion points: The --prompt and --ref arguments in scripts/gen.sh receive untrusted user input.
      • Boundary markers: The prompt is prefixed with a 'Request:' label within the internal instruction string.
      • Capability inventory: The skill executes the codex CLI (which performs network operations via the user's login) and writes files to the local system via scripts/extract_image.py.
      • Sanitization: The output image path is strictly validated in scripts/extract_image.py against system directories and allowed extensions. Additionally, the extracted payload is verified for image magic headers (PNG, JPG, WebP) before being written to disk.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 29, 2026, 09:15 AM