image-forge
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates image editing by interfacing with system utilities (
magick,rembg,sips). * All script implementations (image_pipeline.py,batch_ops.py,smart_crop.py,montage_builder.py) utilizesubprocess.runwith arguments passed as a list, ensuring secure execution and preventing shell injection vulnerabilities. * Theimage_pipeline.pyscript converts declarative JSON specifications into single-chained ImageMagick commands, minimizing file system overhead and intermediate state risks. - [SAFE]: Comprehensive review of the skill's code and metadata reveals no malicious patterns. * No evidence of hardcoded credentials, data exfiltration mechanisms, or persistence techniques was found. * External dependencies (Pillow, rembg, ImageMagick) are well-known, industry-standard tools. * The skill's architecture relies on deterministic command generation based on structured inputs.
Audit Metadata