optimize-images

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • COMMAND_EXECUTION (HIGH): The skill contains a shell injection vulnerability in the image discovery step.
  • Evidence: The placeholder ${ARGUMENTS} is inserted without quoting or sanitization into the command find ${ARGUMENTS:-./public/images} .... Because the argument text is substituted into the command line before the shell parses it, an attacker who controls the directory argument can append shell metacharacters (e.g., a path followed by ; rm -rf /) and execute arbitrary commands on the host system with the privileges of the agent.
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill performs an unverified software installation during execution.
  • Evidence: The command pnpm add -D sharp-cli downloads and installs a package from the public npm registry at run time, without version pinning or hash verification, so every run resolves whatever version the registry currently serves as latest. This introduces a supply chain risk.
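As an added example (not code from the audited optimize-images skill or from the Trust Hub report), the remediation for both findings written in bash: the directory argument is validated against an allow-list and handled as a quoted shell variable rather than substituted into command text, and sharp-cli is installed only at an exact version with the lockfile frozen. The function names, the version check and the sample directory tree are constructed for this example; it assumes the skill's discovery command is equivalent to find ${ARGUMENTS:-./public/images} ... and that the project uses pnpm.

```bash
#!/usr/bin/env bash
# Added example, not code from the audited skill or from the audit report.
# Assumes the skill's discovery step is equivalent to
#   find ${ARGUMENTS:-./public/images} -type f -name '*.png' ...
# and that sharp-cli is installed with pnpm in the same project.

# --- Finding 1: command injection through the directory argument ---

# Allow-list check for the directory argument. Rejects empty values, anything
# that looks like an option (leading '-'), any character outside
# [A-Za-z0-9._/-] (so ; | & $ ` ( ) quotes, spaces and newlines are all
# refused), '..' path components, and paths that are not existing directories.
validate_image_dir() {
  local dir="$1"
  case "$dir" in
    ''|-*) return 1 ;;
    *[!A-Za-z0-9._/-]*) return 1 ;;
  esac
  case "/$dir/" in
    */../*) return 1 ;;
  esac
  [ -d "$dir" ] || return 1
  return 0
}

# Hardened discovery. The argument is an ordinary shell variable, expanded in
# double quotes, so it is never parsed as command syntax; relative paths get a
# './' prefix so find cannot mistake the value for an option. Output is
# NUL-separated so it is safe to pipe into xargs -0 (or sharp-cli).
discover_images() {
  local dir="${1:-./public/images}"
  if ! validate_image_dir "$dir"; then
    printf 'refusing to search untrusted path: %s\n' "$dir" >&2
    return 1
  fi
  case "$dir" in
    /*) ;;
    *) dir="./$dir" ;;
  esac
  find "$dir" -type f \( -iname '*.png' -o -iname '*.jpg' -o -iname '*.jpeg' -o -iname '*.webp' \) -print0
}

# Number of images found (newline-free names assumed for the count only).
count_images() {
  discover_images "$1" | tr '\0' '\n' | wc -l | tr -d ' '
}

# --- Finding 2: unpinned install of sharp-cli at run time ---

# Accept only an exact semver such as 1.2.3, never a range or a dist-tag.
# No particular sharp-cli version is assumed; the maintainer supplies one.
is_exact_version() {
  case "$1" in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  return 0
}

# Pinned install. --save-exact writes "sharp-cli": "X.Y.Z" rather than a caret
# range, and --frozen-lockfile makes the install fail instead of silently
# resolving a newer package, so the integrity hash already recorded in
# pnpm-lock.yaml is what gets checked. Run this once at project setup, not on
# every skill invocation.
install_sharp_cli_pinned() {
  local version="$1"
  if ! is_exact_version "$version"; then
    printf 'exact version required, got: %s\n' "$version" >&2
    return 1
  fi
  pnpm add -D --save-exact "sharp-cli@$version" && pnpm install --frozen-lockfile
}

# Constructed sample tree so the example runs offline; not real project data.
make_sample_tree() {
  local root
  root="$(mktemp -d)"
  mkdir -p "$root/public/images/nested"
  : > "$root/public/images/a.png"
  : > "$root/public/images/b.JPG"
  : > "$root/public/images/nested/c.webp"
  : > "$root/public/images/README.txt"
  printf '%s\n' "$root"
}

# Usage: three images are found; the injection attempt is refused.
demo_root="$(make_sample_tree)"
printf 'images found: %s\n' "$(count_images "$demo_root/public/images")"
discover_images "$demo_root/public/images; rm -rf /" || echo "injection attempt rejected"
rm -rf "$demo_root"
```

The allow-list is deliberately narrow: a path the skill legitimately needs is a plain directory name, and anything outside that character set has no business reaching find. Note that the fix is not just adding quotes around ${ARGUMENTS}; when a skill runner pastes argument text into the command before the shell sees it, quotes in the template can be closed by the attacker, so the value has to be validated before it is used at all.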
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 11:10 AM