god-tibo-imagen

Warn

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: MEDIUMCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill is designed to read the file ~/.codex/auth.json to reuse existing session tokens from the Codex CLI. Accessing sensitive local credential files is a significant security risk as these tokens could be exfiltrated if the skill or its dependencies are compromised.
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the god-tibo-imagen package from both the npm registry and PyPI. Additionally, it references a remote repository https://github.com/akillness/jeo-skills as a source for adding the skill to an agent environment.
  • [COMMAND_EXECUTION]: The skill requests Bash tool permissions and relies on executing CLI commands like gti and package managers. Executing arbitrary commands via the shell introduces a broad attack surface and potential for privilege escalation.
  • [PROMPT_INJECTION]: The skill processes untrusted input through text prompts and reference images, creating an attack surface for indirect prompt injection.
  • Ingestion points: User-provided strings via the --prompt flag and local files via the --input flag.
  • Boundary markers: None identified; user-provided data is interpolated directly into generation requests without explicit delimiters or instructions to ignore embedded commands.
  • Capability inventory: The skill has access to file writes (Write), network requests (WebFetch), and shell execution (Bash).
  • Sanitization: There is no evidence of input validation, escaping, or filtering of the content provided in prompts or image metadata.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 17, 2026, 07:06 AM
Security Audit — agent-trust-hub — god-tibo-imagen