image-processing
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is highly susceptible to command injection through malicious filenames or directory names.
  - Ingestion points: Filenames, directory paths, and glob patterns provided as input (e.g., `photo.jpg`, `./photos/`).
  - Boundary markers: None identified. The skill does not describe any mechanism to isolate or escape the filenames when they are interpolated into shell commands.
  - Capability inventory: The skill uses `Bash(magick:*)`, `Bash(bun:*)`, and `Bash(convert:*)` to perform operations.
  - Sanitization: No sanitization logic is described. A filename like `$(touch EXPLOIT).jpg` could lead to arbitrary command execution when processed by the agent.
- [Command Execution] (HIGH): The skill's `allowed-tools` configuration uses broad wildcards (`magick:*`, `bun:*`). This grants the agent the ability to execute these binaries with any flags or arguments, which could be abused if the agent is manipulated via prompt injection.
- [External Downloads] (LOW): The documentation recommends external installation of ImageMagick via Homebrew (`brew install imagemagick`). As this is a manual user step and not an automated runtime download of untrusted code, it is categorized as LOW risk.
Recommendations
- AI detected serious security threats
Audit Metadata