pydicom
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): While the skill handles sensitive medical data (DICOM PHI), it does so within the context of its stated purpose. The `anonymize_dicom.py` script specifically implements security best practices by providing a mechanism to strip PHI from files. No network operations or unauthorized data access patterns were detected.
- [Indirect Prompt Injection] (SAFE): The skill processes external DICOM data which could contain malicious strings in metadata tags. However, the scripts are used for extraction and transformation; they do not use the content of these tags to generate commands or secondary AI actions, effectively mitigating the risk of indirect injection.
- [External Downloads] (SAFE): The scripts reference standard Python libraries (`pydicom`, `numpy`, `pillow`). These are common dependencies for medical imaging and are not downloaded dynamically from untrusted sources within the skill code.
Audit Metadata