baoyu-compress-image
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The script executes local system utilities such as 'sips', 'cwebp', and 'convert' using the child_process.spawn method. This approach avoids shell execution, which mitigates the risk of command injection. Input parameters like image quality are strictly validated as integers before use.
- [EXTERNAL_DOWNLOADS]: The skill instructions suggest running the utility via npx, and the script includes logic to dynamically import the 'sharp' library if system binaries are unavailable. These operations target well-known package registries (NPM) and represent standard dependency management for the tool's functionality.
Audit Metadata