DICOM Processing
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides legitimate instructions for medical imaging data processing using standard industry libraries.
- [EXTERNAL_DOWNLOADS]: Recommends the installation of well-known and trusted Python packages such as pydicom, numpy, and pillow, as well as the official DCMTK toolkit through standard package managers.
- [COMMAND_EXECUTION]: Documents the use of standard DCMTK command-line tools for DICOM metadata analysis and network operations, which are typical for medical imaging workflows.
- [PROMPT_INJECTION]: The skill defines an attack surface for indirect prompt injection via processed DICOM files.
- Ingestion points: Untrusted data enters the agent context via pydicom.dcmread as documented in SKILL.md.
- Boundary markers: No specific delimiters or instructions to ignore embedded content are provided in the code examples.
- Capability inventory: Includes capabilities for local file writing (ds.save_as), command execution (dcmdump, dcmodify), and network operations (storescu, findscu).
- Sanitization: No explicit validation or sanitization of DICOM tag values is performed before processing.
Audit Metadata