image-manipulation-image-magick
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- Command Execution (SAFE): The skill executes the local `magick` binary to perform image transformations. The provided code examples for Bash and PowerShell use appropriate quoting for file paths and variables, mitigating shell injection risks.
- Indirect Prompt Injection (LOW): The skill handles external image files, which can serve as a vector for indirect prompt injection or exploitation of known parser vulnerabilities (e.g., ImageTragick) within the ImageMagick binary.
  1. Ingestion points: Local file paths and directories defined in processing loops.
  2. Boundary markers: Absent.
  3. Capability inventory: Read and write access to the file system via the `magick` executable.
  4. Sanitization: Employs standard shell quoting for path variables.
Audit Metadata