imgsvc
Warn
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill documentation specifies a requirement for a binary named 'imgsvc'. Running custom binaries from unverified third-party sources poses a risk of executing malicious code on the local system.
- [EXTERNAL_DOWNLOADS]: The skill references an external project hosted on GitHub at 'imgsvc/imgsvc'. This source is not recognized as a trusted organization or well-known service provider.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. 1. Ingestion points: The 'imgsvc open' command fetches raw source code from arbitrary external URLs. 2. Boundary markers: Absent; there are no instructions to the agent to treat external content as untrusted or to ignore embedded instructions. 3. Capability inventory: The skill can execute the 'imgsvc' binary and write files to the disk using 'imgsvc download'. 4. Sanitization: Absent; there is no evidence of filtering or validation of the content retrieved from external sources.
- [DATA_EXFILTRATION]: The tool explicitly features 'automatic wall-flipping' (VPN/Proxy functionality). While intended for accessing blocked content, this capability can be abused to bypass corporate firewalls and network security controls, potentially allowing data to be exfiltrated through unmonitored channels.
Audit Metadata