gpt-image-2
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill connects to 'ai-factory.frevana.com' via curl to process image generation requests. This connection is consistent with the skill's primary purpose and targets the vendor's official API endpoint.
- [COMMAND_EXECUTION]: The skill executes a local bash script ('generate_image.sh') which utilizes python3 for local data validation and file handling. All command execution is scoped to the skill's specific purpose and does not involve untrusted remote code.
- [CREDENTIALS_UNSAFE]: The skill manages authentication via the 'FREVANA_TOKEN' environment variable or a command-line flag. It avoids hardcoding secrets and follows standard security practices for token management by prompting the user or reading from a secure environment.
- [SAFE]: The implementation includes extensive validation for image formats (PNG, JPG, WEBP), file sizes, and API response schemas to ensure safe and predictable operation.
Audit Metadata