image-processing
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The 'Get image metadata' section extracts and displays EXIF tags from images to the agent. This creates a surface for indirect prompt injection, as malicious text hidden in image metadata (e.g., comments or device info) could influence the agent's subsequent actions.
  - Ingestion points: Image files opened by the PIL library in the metadata and batch processing sections.
  - Boundary markers: None; metadata values are output directly in JSON format without delimiters or warnings to the agent.
  - Capability inventory: The skill can write files, create directories, and execute shell-based Python commands.
  - Sanitization: The code converts metadata values to strings and prints them without filtering or escaping.
- [COMMAND_EXECUTION]: The skill uses 'python3 -c' to run its manipulation logic. While the code strings are currently static, this pattern is a potential vulnerability point if user-supplied strings are interpolated into the execution command in the future.
Audit Metadata