ai-gpt-image-2

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its data ingestion surfaces.
  • Ingestion points: Untrusted data enters the context through materialUrl (external URLs) and materialText (user-provided descriptions) defined in references/form-schema.json and SKILL.md.
  • Boundary markers: The provided instructions do not define explicit delimiters or security markers to isolate untrusted input from the agent's core instructions.
  • Capability inventory: The skill uses scripts/run.py to perform network operations via urllib.request.urlopen to the vendor's API at https://ai-skills.ai. No sensitive file system access or subprocess execution capabilities were found.
  • Sanitization: There is no evidence of sanitization or filtering for the external content before it is passed to the execution environment.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:31 AM
Security Audit — agent-trust-hub — ai-gpt-image-2