image-optimizer
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [Indirect Prompt Injection] (LOW): The tool interpolates local file paths directly into the user prompt sent to OpenAI. Maliciously named files (e.g., 'ignore_all_instructions.png') could potentially influence the LLM's optimization report content.
  - Ingestion points: src/index.ts uses the glob package to scan the filesystem for images.
  - Boundary markers: Absent. File information is concatenated with simple newlines.
  - Capability inventory: The LLM output is only printed to the console using console.log in src/cli.ts, limiting impact to deception.
  - Sanitization: No sanitization or escaping is performed on the file paths before they are included in the prompt context.
- [Data Exposure & Exfiltration] (LOW): The tool transmits absolute local file paths and metadata (size, extension) to the OpenAI API (non-whitelisted domain).
  - Evidence: src/index.ts (lines 41-52) demonstrates the aggregation and transmission of path data to openai.chat.completions.create.
Audit Metadata