image-compress-skill
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill directs the agent to execute
./scripts/install.shif the required tool is not found. Running unverified shell scripts allows for arbitrary command execution and host environment compromise.- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill depends on a non-standard binaryimage-compress-tool. This requirement introduces a supply chain risk, as the binary is not sourced from a trusted package manager or repository.- [REMOTE_CODE_EXECUTION] (HIGH): Automated security scans have blacklistedmain.rs, which the skill identifies as the 'Golden Path' reference implementation. Instructing an agent to implement logic based on flagged malicious code poses a direct threat of executing harmful operations during the image processing lifecycle.
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata