dicom-series-preflight
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a local Python script (
scripts/preflight_series.py) to perform DICOM header analysis. The execution is performed according to standard patterns defined in the manifest. - [COMMAND_EXECUTION]: The test suite in
tests/test_preflight_series.pyincludes asubprocess.runcall to execute a local fixture generation script. This is a standard development practice and is implemented safely using argument lists and the current system executable. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface (Category 8) as it reads metadata from external DICOM files. This is documented and inherent to the utility's purpose. Evidence chain:
- Ingestion point:
scripts/preflight_series.pyreads tags likeSeriesDescriptionfrom files in a user-provided directory. - Boundary markers: The results are returned in a structured JSON format.
- Capability inventory: The skill is permitted to use the
Bashtool. - Sanitization: Extracted strings are not sanitized for potential instruction patterns, which is a standard limitation for this use case and does not represent a malicious finding.
Audit Metadata