photo-metadata
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `exiftool` command-line utility for its core functionality. The accompanying `embed.py` script manages these operations using `subprocess.run` with several security-conscious design choices:
  - It constructs commands using lists rather than shell strings, which prevents shell injection vulnerabilities.
  - It utilizes the `--` argument separator to ensure that filenames (even those starting with a hyphen) are correctly interpreted as paths rather than command flags.
  - It implements a robust path validation mechanism using `Path.resolve()` and `relative_to()` to prevent path traversal, ensuring the script only operates on files within the designated source directory.
- [SAFE]: The skill operates entirely on local files and does not perform network requests or require credentials. Its implementation demonstrates high security awareness, and no malicious patterns such as obfuscation, persistence, or privilege escalation were detected.
Audit Metadata