image-manipulation-image-magick

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill facilitates the execution of shell commands through the ImageMagick suite (magick and identify) to perform file-system operations on images.
  • [EXTERNAL_DOWNLOADS]: References the installation of system-level dependencies through official, well-known package managers such as apt for Debian/Ubuntu and Homebrew for macOS.
  • [PROMPT_INJECTION]: Identifies an indirect prompt injection surface: the skill processes external image files, which could potentially contain malicious payloads targeting vulnerabilities in image-processing libraries.
    • Ingestion points: Files located at paths like path/to/images/* as seen in SKILL.md.
    • Boundary markers: None provided; the skill does not implement delimiters or 'ignore' instructions for the data being processed.
    • Capability inventory: Shell command execution via subprocess calls to the magick utility (SKILL.md).
    • Sanitization: No validation or sanitization of input image files is specified before they are passed to the command-line tool.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 26, 2026, 04:43 PM