baoyu-compress-image
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The script executes system utilities like 'sips', 'cwebp', and 'convert' using 'child_process.spawn'. It correctly passes arguments as an array, which prevents shell injection vulnerabilities.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill references the 'sharp' library as a fallback. Sharp is a standard, well-known Node.js package for image processing, and its use here is consistent with the skill's primary purpose.
- [DATA_EXPOSURE] (SAFE): The script includes functionality to delete the original image after a successful compression to replace it with the new version. This is the documented intended behavior, and the script validates the process by only deleting the source if the compression command returns a success code.