gpt-image-skill

Pass

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill reads its API credentials from ~/.gpt-image.env via python-dotenv, a recognized safe practice for local development tools, provided the file is kept readable only by its owner.
  • [SAFE]: All outbound traffic goes to the well-known OpenAI API or to a user-configured custom endpoint for image processing; with a custom endpoint, the user rather than the skill decides where prompts and images are sent.
  • [SAFE]: The Python script relies on standard, well-maintained third-party libraries (openai, Pillow, httpx) to perform its functions.
  • [PROMPT_INJECTION]: The skill forwards user-provided text prompts and reference images to the remote API without any sanitization, so instructions embedded in a prompt assembled from untrusted content, or in text within a reference image, reach the model unchanged (indirect prompt injection).
    • Ingestion points: args.prompt and the args.input file paths in gpt_image.py.
    • Boundary markers: none; neither the skill instructions nor the implementation delimits trusted instructions from untrusted prompt content.
    • Capability inventory: gpt_image.py issues network GET requests via httpx and writes files to the local disk.
    • Sanitization: prompts are not validated, and URLs returned by the API are fetched and their contents written to disk without being checked.
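The last two points (an unchecked GET on an API-returned URL followed by a write to local disk, and no validation of prompts) are the places a reviewer would harden first. The Python below is an added example written for this audit page, not code from gpt-image-skill: the allowlisted host, prompt length limit, image size cap and output directory are assumptions chosen for illustration, and the actual httpx download call is left out so the checks run offline.

```python
"""Hardening for the two sinks named in the audit: image URLs returned by
the API (fetched with an HTTP GET) and files written to local disk, plus a
bound on the prompt that is sent out.  Added example, not gpt-image-skill
code; hosts, limits and paths below are assumptions."""
from __future__ import annotations

import re
from pathlib import Path, PurePosixPath
from urllib.parse import urlsplit

# Assumption: the only hosts we are willing to download images from.  The
# .invalid TLD is reserved, so this placeholder can never resolve by accident;
# replace it with the host(s) the API actually returns.
ALLOWED_IMAGE_HOSTS = frozenset({"example-images.invalid"})

MAX_PROMPT_CHARS = 4000                 # assumption: upper bound for a prompt
MAX_IMAGE_BYTES = 25 * 1024 * 1024      # assumption: refuse larger downloads
SAFE_NAME = re.compile(r"[^A-Za-z0-9._-]")
IMAGE_EXTS = (".png", ".jpg", ".jpeg", ".webp")


class UnsafeInput(ValueError):
    """Raised when a prompt, URL, response or path fails a check."""


def check_prompt(prompt: str) -> str:
    """Reject empty or oversized prompts and control characters (which can
    hide instructions or corrupt logs); return the stripped prompt."""
    text = prompt.strip()
    if not text:
        raise UnsafeInput("empty prompt")
    if len(text) > MAX_PROMPT_CHARS:
        raise UnsafeInput("prompt too long")
    if any(ord(c) < 0x20 and c not in "\n\t" for c in text):
        raise UnsafeInput("control characters in prompt")
    return text


def validate_image_url(url: str) -> str:
    """Accept only https, no embedded credentials, an allowlisted host and
    the default port.  Returns the URL unchanged when it passes."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise UnsafeInput(f"scheme not allowed: {parts.scheme!r}")
    if parts.username or parts.password:
        raise UnsafeInput("credentials embedded in URL")
    host = (parts.hostname or "").lower()
    if host not in ALLOWED_IMAGE_HOSTS:
        raise UnsafeInput(f"host not allowlisted: {host!r}")
    if parts.port not in (None, 443):
        raise UnsafeInput(f"unexpected port: {parts.port}")
    return url


def check_download(declared_length: int | None, content_type: str) -> bool:
    """Run on the response headers before any body bytes are read: the server
    must declare an image and a bounded, known length."""
    if not content_type.lower().startswith("image/"):
        raise UnsafeInput(f"unexpected content type {content_type!r}")
    if declared_length is None or declared_length > MAX_IMAGE_BYTES:
        raise UnsafeInput("missing or oversized Content-Length")
    return True


def safe_output_path(out_dir: str | Path, url: str) -> Path:
    """Derive a file name from the URL's last path component, keep only plain
    filename characters, force an image extension, and refuse any result
    that does not land directly under out_dir."""
    name = PurePosixPath(urlsplit(url).path).name
    name = SAFE_NAME.sub("_", name).lstrip(".") or "image"
    if not name.lower().endswith(IMAGE_EXTS):
        name += ".png"
    base = Path(out_dir).resolve()
    target = (base / name).resolve()
    if base not in target.parents:
        raise UnsafeInput("output path escapes output directory")
    return target


def rejects(fn, *args) -> bool:
    """True if fn(*args) raises UnsafeInput; lets callers exercise the checks."""
    try:
        fn(*args)
    except UnsafeInput:
        return True
    return False


if __name__ == "__main__":
    url = validate_image_url("https://example-images.invalid/img-abc123.png?st=2026")
    print(safe_output_path("out", url))
```

In gpt_image.py these checks would wrap the existing httpx GET: validate_image_url on the URL taken from the API response, check_download on the response's Content-Type and Content-Length before reading the body, and safe_output_path to decide where the bytes land. check_prompt sits at the args.prompt ingestion point; it cannot stop a well-formed prompt from carrying instructions, but it bounds what is forwarded.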
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 26, 2026, 09:12 AM