image-tools
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's core script, scripts/process.py, automatically detects the absence of the Pillow library and installs it from the Python Package Index (PyPI) to ensure the tool functions correctly.
- [COMMAND_EXECUTION]: To handle dependency management, the skill executes system-level commands using the subprocess module to invoke the pip package manager.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the processing of image metadata, which could contain malicious instructions designed to influence the agent.
  - Ingestion points: The scripts/process.py script reads image files from the file system, which may contain attacker-controlled metadata tags.
  - Boundary markers: The script's output does not use delimiters or explicit 'ignore instructions' warnings to isolate metadata content from the rest of the output provided to the agent.
  - Capability inventory: The skill possesses file read/write capabilities and the ability to execute subprocesses for installation tasks.
  - Sanitization: While the script truncates long metadata strings, it does not filter or sanitize the actual content of EXIF tags for potential instructional commands before they are displayed.
Audit Metadata