baoyu-compress-image
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The script uses the
spawnmethod to execute external image processing binaries such assips,cwebp, and ImageMagick'sconvert. These calls are constructed safely without shell interpolation.\n- [COMMAND_EXECUTION]: It invokes the systemwhichcommand to determine the availability of compression tools on the host environment.\n- [EXTERNAL_DOWNLOADS]: The skill is designed to run vianpx -y bun, which may download the Bun runtime if it is not already present on the system. Bun is a well-known and trusted development tool.\n- [COMMAND_EXECUTION]: The script uses dynamic imports to load thesharpimage processing library, which is a standard industry dependency.
Audit Metadata