Skills
NYC
skills/z0gsh1u/oh-my-writing-skill/image-processing/Gen Agent Trust Hub

image-processing

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The skill requires the Bash tool to execute a local processing script (scripts/image_processor.py). This is a legitimate functional requirement for an image processing skill but represents a capability that allows the agent to interact with the underlying shell.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill accepts untrusted text data via the --text parameter and interpolates it into a shell command. This creates a potential injection surface.
  • Ingestion points: The --text argument used in bash commands within SKILL.md captures user-provided or externally-sourced strings.
  • Boundary markers: None; the documentation does not specify the use of delimiters or 'ignore' instructions for the text input.
  • Capability inventory: The skill possesses Bash execution, Read, Write, and Edit permissions, enabling significant file system and command-line actions.
  • Sanitization: There is no evidence in the documentation of input sanitization or escaping for the shell arguments.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 05:37 PM