baoyu-compress-image

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill is designed to ingest and process untrusted external data (user-provided images). Maliciously crafted images or metadata could exploit vulnerabilities in the underlying processing tools (e.g., ImageMagick's history of CVEs like ImageTragick).
      • Ingestion points: The <input> argument in scripts/main.ts.
      • Boundary markers: None identified in the instruction file to isolate untrusted data.
      • Capability inventory: Shell command execution (sips, cwebp, ImageMagick) and file system write access.
      • Sanitization: No sanitization logic is described in the prompt instructions to prevent exploitation of the image processing tools.
  • [Command Execution] (MEDIUM): The skill invokes system-level binaries via a CLI wrapper. If the main.ts script does not properly sanitize filenames or options before passing them to the shell, it could be vulnerable to command injection.
  • [External Downloads] (LOW): The execution command npx -y bun allows for the automated download of the bun runtime from the npm registry at runtime. While bun is a standard tool, the lack of version pinning or integrity checks through npx -y is a minor security risk.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 09:34 AM