imagemagick
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for software installation and system policy modification using elevated privileges (sudo apt-get install imagemagick, sudo nano /etc/ImageMagick-6/policy.xml).
- [COMMAND_EXECUTION]: The guide includes numerous examples of shell commands (magick, convert, mogrify, identify) and bash loops for batch image processing.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection through the processing of external image files.
  - Ingestion points: Image files processed via various command-line utilities (SKILL.md).
  - Boundary markers: Absent; command templates do not include delimiters or instructions to ignore embedded content.
  - Capability inventory: Arbitrary shell command execution and in-place file modification capabilities (SKILL.md).
  - Sanitization: Absent; the guide does not cover validation of image integrity or sanitization of file paths to prevent injection attacks.
Audit Metadata