pydicom
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The scripts process untrusted external data (DICOM files) and display metadata to the agent's console, creating a surface for indirect prompt injection.
- Ingestion points: scripts/extract_metadata.py, scripts/anonymize_dicom.py, and scripts/dicom_to_image.py ingest external files using pydicom.dcmread().
- Boundary markers: Absent. There are no delimiters or warnings to the agent that output from DICOM tags should be treated as untrusted content.
- Capability inventory: The scripts perform file system operations (read/write) and console logging. They do not have network access or advanced system execution capabilities.
- Sanitization: While anonymize_dicom.py removes PHI, extract_metadata.py decodes and prints raw tag values (e.g., PatientName), which could contain malicious instructions designed to influence the agent when it reads the output.
- [Data Exposure & Exfiltration] (SAFE): The skill is designed to improve data privacy by providing a dedicated anonymization script that removes or replaces sensitive PHI tags (PatientName, PatientID, etc.). No hardcoded credentials or unauthorized network operations were detected.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill references standard, reputable Python libraries (pydicom, numpy, pillow). No automated downloads or suspicious remote code patterns were found in the scripts.
Audit Metadata