baoyu-compress-image

Pass

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The script interacts with local binaries for image processing, including sips, cwebp, and ImageMagick's convert tool.
  • Evidence: The skill implements secure command execution by passing arguments as arrays to the spawn function (e.g., in the runCmd function), which mitigates the risk of shell injection attacks.
  • [REMOTE_CODE_EXECUTION]: The implementation involves the dynamic loading of an external library.
  • Evidence: The script dynamically imports the sharp library using (await import("sharp")).default if available. This is a common and legitimate pattern for handling optional dependencies in modern JavaScript environments.
  • [DATA_EXFILTRATION]: The skill performs file operations solely on the local filesystem and does not exhibit any data exfiltration behavior.
  • Evidence: Analysis of the main.ts script shows that while it can read and delete local image files (as part of its optimization purpose), it contains no network operations or logic to transmit data to external servers.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 26, 2026, 09:05 AM