baoyu-compress-image
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The script executes system commands like `sips`, `cwebp`, and `convert` to process images. These are called using `child_process.spawn` with arguments passed as an array, which is a secure implementation that prevents shell-based command injection.
- [EXTERNAL_DOWNLOADS]: The skill uses `npx -y bun` to run the compression script. `npx` is a standard utility that may fetch the Bun runtime from the official npm registry, which is a trusted and well-known service.
- [COMMAND_EXECUTION]: The skill performs a dynamic import of the `sharp` library. This is a standard method for loading well-known, reputable image processing libraries and does not involve untrusted remote sources.
Audit Metadata