baoyu-compress-image
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Command Execution (SAFE): The implementation in
scripts/main.tsuseschild_process.spawnwith argument arrays to invokesips,cwebp, andconvert. This approach is safe against shell injection vulnerabilities. - Indirect Prompt Injection (LOW): The skill handles external image files and has the authority to delete files, creating a minor attack surface. 1. Ingestion points: Processes user-provided image files in
scripts/main.ts. 2. Boundary markers: None identified in the provided instructions. 3. Capability inventory: UsesunlinkSync,renameSync, andspawninscripts/main.ts. 4. Sanitization: Filters input through a hardcoded whitelist of image extensions.
Audit Metadata