psd-layer-reader
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's codebase was audited across all threat categories. No malicious patterns, such as obfuscation, credential exfiltration, or unauthorized network access, were identified.\n- [EXTERNAL_DOWNLOADS]: The skill utilizes the 'psd-tools' Python package, which is a well-known and trusted library for PSD file parsing. This dependency is documented for installation in the skill's setup instructions and follows standard practices for external library usage.\n- [PROMPT_INJECTION]: The skill processes external PSD files, which is an inherent surface for indirect prompt injection via malicious layer names or text content. This is a standard risk for data extraction tools and the skill includes mitigation logic.\n
- Ingestion points: Binary PSD files loaded via scripts/psd_layers.py.\n
- Boundary markers: Absent; extracted strings are placed directly into the JSON structure.\n
- Capability inventory: Local file read (PSD) and write (JSON) operations only.\n
- Sanitization: Implements normalization and uniqueness logic for layer names in scripts/utils.py to ensure they are safe for use as identifiers or filenames.
Audit Metadata