image-processing
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill possesses a vulnerability surface where untrusted data from image files could influence agent behavior.
- Ingestion points: Metadata extraction is performed on image files using
img._getexif()inSKILL.md. - Boundary markers: Absent. There are no delimiters or instructions to the agent to ignore instructions embedded within the image metadata tags.
- Capability inventory: The skill performs file system writes via
img.save()and console output viaprint(). - Sanitization: Absent. The code directly prints EXIF tag values without validation or escaping. An attacker could craft an image with malicious text in tags like 'UserComment' to trigger unintended agent actions.
Audit Metadata