image-tools
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted external content, creating a surface for indirect prompt injection.
- Ingestion points: Data enters the agent's context through text extracted via OCR using `tesseract` and content captured from external URLs via `chromium` or `wkhtmltoimage`.
- Boundary markers: No delimiters or safety instructions are defined to help the agent distinguish between data and instructions in the processed output.
- Capability inventory: The skill utilizes powerful system commands for file manipulation, text extraction, and web rendering.
- Sanitization: There is no evidence of sanitization or validation logic for the inputs (URLs, filenames) or the outputs (extracted text) within the skill.
- [COMMAND_EXECUTION]: The skill relies on several system-level utilities including ImageMagick tools (`convert`, `identify`), `tesseract`, and `chromium`. While the provided examples use shell variable quoting, the execution of these commands with arbitrary user-supplied files or URLs requires robust input management by the agent.
Audit Metadata