im-contact-sorter
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the external utilities
magick(ImageMagick) andpngquantfor image manipulation. These calls are made usingsubprocess.runwith list-based arguments, which prevents shell injection attacks. - [SAFE]: Data analysis and merging are performed entirely within the local environment. No network requests or data exfiltration attempts were detected.
- [SAFE]: The Python scripts utilize
yaml.safe_load()for parsing user-provided or model-generated YAML files, effectively preventing unsafe deserialization vulnerabilities. - [SAFE]: Regarding Indirect Prompt Injection (Category 8), the skill processes data derived from untrusted image content (OCR). However, it treats the extracted data strictly as structured YAML and uses safe parsing methods, minimizing the risk of instruction leakage into the agent context.
- [SAFE]: No hardcoded credentials, malicious persistence mechanisms, or obfuscated code patterns are present in the provided files.
Audit Metadata