pngimg-download
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches image metadata and binary files from pngimg.com.
- [COMMAND_EXECUTION]: Executes shell commands including curl and mkdir to handle image searching and file management.
- [PROMPT_INJECTION]: The skill processes external HTML content in download.sh. Ingestion points: external content from pngimg.com search results. Boundary markers: absent. Capability inventory: network read (curl), network write (curl -o), and directory creation (mkdir). Sanitization: the script uses a restrictive regular expression for pattern matching and path normalization via basename to ensure only valid filenames are processed, effectively mitigating potential indirect prompt injection or path traversal risks.
Audit Metadata