pydicom
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes untrusted external binary data (DICOM files) and extracts textual metadata, creating a surface for injection. * Ingestion points: The skill uses
pydicom.dcmread()to ingest binary data inscripts/anonymize_dicom.py,scripts/dicom_to_image.py, andscripts/extract_metadata.py. * Boundary markers: Absent. Metadata extracted inextract_metadata.py(such as PatientName or StudyDescription) is returned as raw text strings without delimiters or instructions to ignore embedded commands. * Capability inventory: The skill has filesystem write access viads.save_as()andimage.save(). No network access or arbitrary command execution was found. * Sanitization: None. Extracted metadata is formatted for display but not sanitized or escaped for safe consumption by an LLM. - Data Privacy (INFO): The script
scripts/anonymize_dicom.pyis a privacy-enhancing utility designed to remove PHI. While beneficial, users should ensure thePHI_TAGSlist meets their specific regulatory requirements.
Audit Metadata