Trust Assessment
gpt-image-1-5 received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 17 findings: 8 critical, 8 high, 1 medium, and 0 low severity. Key findings include Unsafe environment variable passthrough, File read + network send exfiltration, Credential harvesting.
The analysis covered 4 layers: dependency_graph, manifest_analysis, llm_behavioral_safety, static_code_analysis. The manifest_analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 11, 2026 (commit 326f2466). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings17
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | File read + network send exfiltration AI agent config/credential file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-xe2u_xi0/repo/skills/gpt-image-1-5/SKILL.md:15 | |
| CRITICAL | File read + network send exfiltration AI agent config/credential file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-xe2u_xi0/repo/skills/gpt-image-1-5/SKILL.md:20 | |
| CRITICAL | File read + network send exfiltration AI agent config/credential file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-xe2u_xi0/repo/skills/gpt-image-1-5/SKILL.md:25 | |
| CRITICAL | File read + network send exfiltration AI agent config/credential file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-xe2u_xi0/repo/skills/gpt-image-1-5/SKILL.md:121 | |
| CRITICAL | File read + network send exfiltration AI agent config/credential file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-xe2u_xi0/repo/skills/gpt-image-1-5/SKILL.md:126 | |
| CRITICAL | File read + network send exfiltration AI agent config/credential file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-xe2u_xi0/repo/skills/gpt-image-1-5/SKILL.md:131 | |
| CRITICAL | File read + network send exfiltration AI agent config/credential file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-xe2u_xi0/repo/skills/gpt-image-1-5/SKILL.md:136 | |
| CRITICAL | Credential harvesting Reading well-known credential environment variables Skills should only access environment variables they explicitly need. Bulk environment dumps (os.environ.copy, JSON.stringify(process.env)) are almost always malicious. Remove access to Keychain, GPG keys, and credential stores. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-xe2u_xi0/repo/skills/gpt-image-1-5/scripts/generate_image.py:35 | |
| HIGH | Unsafe environment variable passthrough Access to well-known credential environment variables Minimize environment variable exposure. Only pass required, non-sensitive variables to MCP servers. Use dedicated secret management instead of environment passthrough. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-xe2u_xi0/repo/skills/gpt-image-1-5/scripts/generate_image.py:35 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-xe2u_xi0/repo/skills/gpt-image-1-5/SKILL.md:15 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-xe2u_xi0/repo/skills/gpt-image-1-5/SKILL.md:20 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-xe2u_xi0/repo/skills/gpt-image-1-5/SKILL.md:25 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-xe2u_xi0/repo/skills/gpt-image-1-5/SKILL.md:121 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-xe2u_xi0/repo/skills/gpt-image-1-5/SKILL.md:126 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-xe2u_xi0/repo/skills/gpt-image-1-5/SKILL.md:131 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Unknown | /var/folders/1k/67b8r20n777f_xcmmm8b7m5h0000gn/T/skillscan-clone-xe2u_xi0/repo/skills/gpt-image-1-5/SKILL.md:136 | |
| MEDIUM | Arbitrary File Write via User-Controlled Filename The skill allows writing to arbitrary file paths specified by the `--filename` argument. The `Path(args.filename)` is used to construct the output path, and `output_path.parent.mkdir(parents=True, exist_ok=True)` followed by `with open(output_path, 'wb') as f:` will attempt to create directories and write a file at any location accessible to the user running the skill. A malicious or careless user could specify a sensitive system path (e.g., `/etc/passwd` if permissions allow), potentially overwriting critical files or filling up disk space in unexpected locations. Restrict output file paths to a designated output directory or the current working directory. For example, resolve `args.filename` relative to the current working directory and prevent absolute paths or paths that traverse upwards (e.g., `../`) unless explicitly intended and secured. | Unknown | scripts/generate_image.py:176 |
Scan History
Embed Code
[](https://skillshield.io/report/5ab5b8ffdb461fb3)
Powered by SkillShield