imagemagick
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides installation commands for ImageMagick using trusted system package managers like Homebrew and APT, which fetch software from official repositories.
- [COMMAND_EXECUTION]: Documents the execution of ImageMagick binaries such as `magick`, `convert`, and `identify` for image processing tasks. It also includes instructions for using `sudo` to install packages and modify security policies, which are standard administrative actions for this tool.
- [PROMPT_INJECTION]: Features an indirect prompt injection surface (Category 8) because the agent is instructed to process external image files that could contain malicious embedded data.
  - Ingestion points: Image files are read by the `magick`, `mogrify`, and `identify` commands.
  - Boundary markers: No boundary markers or specific 'ignore instructions' warnings are provided for the processed content.
  - Capability inventory: The skill utilizes subprocess calls to execute multiple ImageMagick binaries with various flags.
  - Sanitization: No sanitization or validation of the input files is described or implemented in the examples.
Audit Metadata