Skills
skills/inference-sh/skills/gpt-image/Gen Agent Trust Hub

gpt-image

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill documentation describes how to use the 'belt' CLI, which is a tool provided by the skill author (inference-sh). All external references, such as the inference.sh domain and the inference-sh GitHub organization, belong to the vendor and are used for legitimate configuration and documentation purposes.
  • [COMMAND_EXECUTION]: The skill uses the 'belt' command within a restricted Bash environment (defined in the allowed-tools frontmatter). This is the intended functionality for managing and running AI applications via the vendor's platform.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes user-provided prompts and image URLs via the '--input' flag of the 'belt' CLI. While this represents a data ingestion surface where external content enters the agent's context, it is the primary function of an image generation skill. The risk is minimal as the input is structured as JSON and processed by a specific remote application.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 02:39 PM
Security Audit — agent-trust-hub — gpt-image