baoyu-compress-image
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The script invokes image processing utilities like
sips,cwebp, andconvert. These are executed usingchild_process.spawnwith argument arrays, which prevents shell command injection vulnerabilities. - [EXTERNAL_DOWNLOADS]: The skill's documentation suggests using
npxto run the script with the Bun runtime. This is a standard method for ensuring environment-consistent execution and is not considered a security risk. - [SAFE]: No indicators of malicious behavior, such as data exfiltration, credential theft, or unauthorized persistence, were found. The skill performs its described functions in a transparent manner.
Audit Metadata