Skills
skills/peterbamuhigire/skills-web-dev/image-compression/Gen Agent Trust Hub

image-compression

Pass

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill possesses a surface for indirect prompt injection by ingesting untrusted data (images and filenames) which are then processed by the system.
  • Ingestion points: Untrusted data enters via handleImageSelect in references/client.md and the upload.single('image') route in references/server.md.
  • Boundary markers: The skill lacks explicit instructions to ignore embedded prompts in image metadata; however, it implements robust boundary protections via MIME type validation and random filename generation.
  • Capability inventory: The skill has capabilities to write to the local filesystem (fs.writeFile), upload to S3 (s3.upload), and execute image processing logic via sharp and squoosh.
  • Sanitization: Filenames are effectively sanitized by prepending a cryptographically secure random hash in references/storage.md. While the file extension is extracted directly from user input, the randomized prefix prevents directory traversal attacks.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 22, 2026, 07:54 PM