gpt-image2
Warn
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE
Full Analysis
- [CREDENTIALS_UNSAFE]: The file `scripts/imgbb-upload.mjs` contains a hardcoded, AES-encrypted API key (IMGBB_KEY_CIPHER_B64) that is decrypted at runtime using a derived key. This technique is used to embed a functional credential while evading simple static secret detection.
- [DATA_EXFILTRATION]: The skill is configured to automatically upload local image files to the ImgBB service (`api.imgbb.com`) when performing image edits in the `generations` transport mode. This involves sending local filesystem data to a third-party server.
- [COMMAND_EXECUTION]: The skill instructions in `SKILL.md` and `README.md` require the agent to execute shell commands (`node scripts/gpt-image2.mjs`, `npm link`, etc.) and manage local configuration files that store API keys in plain text.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) due to the following surface:
  - Ingestion points: Untrusted data enters the agent context through the `--image` flag (processed files) and `--var` flag (user-provided template variables) in `scripts/gpt-image2.mjs`.
  - Boundary markers: There are no explicit boundary markers or instructions to ignore embedded commands within the processed data.
  - Capability inventory: The skill possesses network capabilities (`fetch` for API calls and ImgBB uploads) and file system access (`fs.writeFileSync` for saving images and `fs.readFileSync` for images/config).
  - Sanitization: No sanitization or validation of the content of variables interpolated into prompts is performed before they are sent to the LLM-compatible image API.
Audit Metadata