The Agent Skills Directory

[DATA_EXPOSURE]: The script scripts/gpt-image accesses the sensitive file ~/.codex/auth.json to retrieve OpenAI authentication tokens (access, refresh, and ID tokens). This is the core functionality of the skill as described in the documentation.
[EXTERNAL_DOWNLOADS]: The skill performs network requests to official OpenAI domains, specifically auth.openai.com for token refreshment and chatgpt.com for image generation. These are well-known services and essential for the tool's primary purpose.
[COMMAND_EXECUTION]: The package includes a Python script scripts/gpt-image designed to be executed from the terminal. It includes an installation script scripts/install.sh that copies the utility to ~/.local/bin and suggests PATH modifications, which is standard behavior for CLI tools.
[SAFE]: The Python script is written using only the standard library (stdlib-only), meaning it has no external pip dependencies that could introduce supply-chain risks.
[SAFE]: Credentials refreshed by the tool are cached locally in ~/.config/gpt-image/token.json with restricted permissions (chmod 600), following security best practices for token management.

cli-gpt-image