gpt-image

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data such as user-provided prompts and external image URLs.
      • Ingestion points: Data enters the skill context through the prompt, images, and mask parameters in the belt app run commands defined in SKILL.md.
      • Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the processed data.
      • Capability inventory: The skill has the capability to execute shell commands via Bash(belt *) and perform network operations through the belt CLI tool.
      • Sanitization: No sanitization or validation of the input strings or URLs is performed before they are passed to the shell command.
  • [COMMAND_EXECUTION]: The skill requires access to the belt CLI tool through the Bash tool. The frontmatter restricts this access to the belt command using Bash(belt *), which follows the principle of least privilege for this specific utility.
  • [EXTERNAL_DOWNLOADS]: The skill references external resources for installation and operation, including documentation on GitHub and the inference.sh domain. These downloads are necessary for the skill's stated purpose of providing an interface to the OpenAI GPT-Image-2 model via the specified service provider.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 19, 2026, 02:15 AM