openlicense-images
Pass
Audited by Gen Agent Trust Hub on May 31, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands to process image metadata and verify licenses. It implements a security check using `realpath` to validate that the license file path extracted from an image's metadata remains within the intended `licenses` directory, effectively preventing directory traversal vulnerabilities.
- [EXTERNAL_DOWNLOADS]: The skill fetches a JSON image index and image files from a GitHub repository owned by the author (`noah-lowery/free-use-images`). These are verified vendor resources.
- [SAFE]: Analysis of the skill's instructions and license verification logic confirms that it handles untrusted data from external image files securely. No patterns of prompt injection, data exfiltration, or unauthorized code execution were found.
Audit Metadata