gpt-image
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the gpt-image-cli binary to perform core image tasks. It also utilizes common shell utilities such as cp to manage file versions and which to perform environment checks.
- [EXTERNAL_DOWNLOADS]: The instructions guide users to install the @zhoujinandrew/gpt-image-cli package from the NPM registry, which provides the necessary command-line interface for the skill.
- [PROMPT_INJECTION]: The skill's workflow for generating images from user input creates an indirect prompt injection surface.
- Ingestion points: User-provided descriptions are accepted via the -p parameter in the generate and edit commands found in SKILL.md.
- Boundary markers: The prompt templates in the skill instructions wrap user input in double quotes to delineate the strings.
- Capability inventory: The skill has the ability to execute subprocesses (gpt-image-cli), create directories, write files to the local system, and read image files.
- Sanitization: There is no evidence of input validation or escaping for user-supplied prompts before they are passed to the CLI tool.
Audit Metadata