desk-accessory
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- COMMAND_EXECUTION (SAFE): The script executes the magick tool and a local helper script. All shell variables are properly double-quoted to prevent command injection.
- DYNAMIC_EXECUTION (LOW): The script invokes a helper script from a computed relative path (../../shared/scripts/remove_magenta.sh). This is a common pattern in the project structure but represents a dependency on the local directory layout.
- INDIRECT_PROMPT_INJECTION (LOW): Vulnerability surface detected.
  1. Ingestion point: input file argument ($1) in scripts/process_tintable.sh.
  2. Boundary markers: Absent.
  3. Capability inventory: Subprocess execution of magick and local scripts.
  4. Sanitization: Validates file existence and uses quoted variables.

  Processing untrusted image files with ImageMagick carries a minor inherent risk of tool-specific vulnerabilities.