pydicom
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a well-documented tool for medical imaging tasks, providing legitimate functionality for reading and writing DICOM files without any malicious intent.
- [EXTERNAL_DOWNLOADS]: The skill suggests installing several well-known, established open-source libraries from the official Python Package Index (PyPI) to support image processing and decompression.
- [DATA_EXFILTRATION]: Although the skill handles sensitive medical data, it explicitly includes guidance and scripts for anonymizing Protected Health Information (PHI) and contains no code for unauthorized data transmission.
- [SAFE]: Indirect prompt injection surface analysis: 1. Ingestion points: External DICOM files are read using pydicom.dcmread() in all scripts. 2. Boundary markers: Absent. 3. Capability inventory: File read/write and image conversion; no shell execution or network operations. 4. Sanitization: Absent (metadata is handled as-is). This surface is considered safe given the tool's specific medical purpose.
Audit Metadata