media-processing

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The shell scripts scripts/remove-background.sh and scripts/batch-remove-background.sh contain logic to automatically execute npm install -g rmbg-cli if the command is not found on the system.
      • Evidence: Lines 57-62 in scripts/remove-background.sh and lines 65-70 in scripts/batch-remove-background.sh attempt a global installation from the public npm registry without prompting the user.
      • Context: While rmbg-cli is a documented dependency, automatic installation of third-party packages during execution is a security risk as it can pull unverified code into the environment.
  • COMMAND_EXECUTION (LOW): The skill makes extensive use of subprocess calls to system binaries (FFmpeg, ImageMagick, RMBG). While this is the intended functionality, it grants the agent broad control over the local filesystem and system resources when processing files.
Audit Metadata
  Risk Level: MEDIUM
  Analyzed: Feb 17, 2026, 06:26 PM