baoyu-compress-image

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The script uses child_process.spawn to execute system binaries including sips, cwebp, and convert (ImageMagick).
      • Evidence: Found in scripts/main.ts within runCmd and commandExists functions.
      • Risk: Relies on the security and presence of host-level binaries. While it avoids shell injection by using argument arrays, it still grants the agent the ability to invoke these tools on arbitrary paths provided by the user.
  • [INDIRECT_PROMPT_INJECTION] (MEDIUM): The skill is susceptible to manipulation where an agent might be directed to 'compress' sensitive non-image files.
      • Evidence: unlinkSync(absInput) in processFile (scripts/main.ts) deletes the source file if the --keep flag is not set.
      • Capability: The skill has both read access to files and the ability to delete them.
      • Risk: If the agent processes a sensitive file (e.g., an SSH key) thinking it is an image, and the compression tool produces any output or dummy file, the original sensitive file could be deleted.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill uses npx -y bun and performs a dynamic import of the sharp library.
      • Evidence: await import("sharp") in compressWithSharp (scripts/main.ts).
      • Risk: Fetches and executes code from the npm registry at runtime. While sharp is a trusted package, dynamic dependency resolution introduces a minor risk of supply chain interference.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 12:41 AM