images
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface due to its core functionality of reading and acting upon external file data.\n
- Ingestion points: The skill reads image files (JPEG, PNG) and HTML files (
src/**/*.html) from the filesystem.\n - Boundary markers: There are no defined delimiters or instructions to help the agent distinguish between data and potentially malicious instructions embedded in filenames or file content.\n
- Capability inventory: The skill uses the
Bashtool to execute optimization scripts, and theWriteandEdittools to manage file output.\n - Sanitization: No sanitization logic is provided to ensure that filenames or file contents are safe before being used as arguments in shell commands.\n- [COMMAND_EXECUTION]: The skill uses the
Bashtool to execute local Node.js scripts, such asnode scripts/quality/optimize-images.js, using file paths as arguments. This could be exploitable if the environment does not properly handle or escape shell metacharacters in paths.
Audit Metadata