Codex Image — OAuth Image Generation

Trust Score 79/100

Generate images via the Codex CLI using OAuth (no API key). Handles argument parsing, save paths, and error messages for gpt-image-2 generation.

triggers:codex imagegpt-image-2codex execimage_gengenerate imageOAuth image

GitHub SKILL.md

What it does

Provides a reproducible flow for generating images through the Codex CLI's built-in image_gen tool (gpt-image-2) using Codex OAuth authentication. Automates auth checks, argument parsing (size, quality, count, output), safe timestamped file naming, and instruction to display generated images via the Read tool. Includes error handling for auth expiration, model access, timeouts, and rate limits.

When to use it

Use this skill when you want to create images from prompts without a direct OpenAI API key, particularly in interactive developer workflows where Codex CLI is available and OAuth login is preferred. Useful for prototyping assets, adding generated imagery to projects, or automating image creation in local developer environments.

What's included

Scripts: no separate scripts detected (has_scripts=false) but the skill contains detailed CLI commands and flow examples
References: links to expected Codex behavior and example file paths are included in the skill body
Instructions: step-by-step checks for codex installation/login, argument parsing, generation command, result display, and follow-up guidance.

Compatible agents

Developer-facing agents with Bash and filesystem access (Codex/Copilot/Claude Code style) that can run codex exec or surface instructions to a user.

Audit Summary

codex-image is a bilingual (English/Korean) skill that generates images via the Codex CLI's built-in image_gen tool using OAuth authentication, eliminating the need for API keys. No bundled scripts were present to test. The SKILL.md is well-structured with clear step-by-step instructions and an error handling table, though the prompt interpolation into shell commands presents a moderate injection risk.

Watch Out

User-supplied prompt is interpolated into shell command — potential injection vector if not sanitized
Requires Codex CLI installed and OAuth-logged-in
OAuth tokens cannot call OpenAI REST API directly (must go through codex exec)

Notes

Bilingual documentation is a nice touch. The shell injection risk from unsanitized prompt interpolation in Step 4 is the main security concern — the ${_PROMPT} variable is single-quoted but a determined user could break out. Consider adding input sanitization instructions.

Information

Repository: codex-image
Stars: 30

Trust Score

Overall79

Security88

Code Quality72

Architecture65

Usefulness62

Related Skills

Development Worktree

Create an isolated git worktree for feature work, auto-run project setup, and verify a clean test baseline before development.

Readwise Reader Document Management

Manage Readwise Reader documents: list, save, search, move, tag, highlight, export and bulk-edit via official and custom CLIs.

Bounty Hunter — Atlas

Persona skill: 'Atlas' — a profit-focused developer persona for discovering, evaluating and executing paid bounties or freelance tasks with ROI-aware workflows.

Junshi — Research Advisor

Daily strategic research advisor that scans arXiv/venues, digests papers, and proposes bold, ranked research ideas tailored to the user's profile.

Full Stack Builder

End-to-end builder that scaffolds, implements, tests, and optionally deploys web and API applications from a natural-language specification.

ezBookkeeping API Tools

Command-line API tools for ezBookkeeping: record and query transactions, retrieve accounts/categories/tags, and fetch exchange rates for self-hosted personal fi

Feishu Voice Sender

Convert MP3s and send them as native Feishu voice messages (playable voice clips) to users or groups.

Claw Bench

Benchmarking skill that guides an agent through a structured suite of capability tests and reporting steps for leaderboard submission.

Back to Skills