long-image-to-pdf

Security checks across malware telemetry and agentic risk

Overview

This skill locally turns a user-provided long image into a PDF, with a disclosed cleanup option that deletes only generated intermediate slices.

Install only if you are comfortable with local image processing. If you want to keep the sliced images for review or troubleshooting, tell the agent not to use --cleanup and choose an output folder you control, especially for sensitive screenshots.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly instructs the agent to pass `--cleanup` by default, which deletes intermediate slices unless the user opts out. This creates a data-destruction behavior without explicit affirmative consent, so a user may unexpectedly lose artifacts they may need for verification, reuse, or recovery if the PDF generation is incomplete or incorrect.

Autonomous Decision Making

Medium

Category: Excessive Agency
Content: * `--cols`: Number of columns in the PDF (default: `2`). * `--rows`: Number of rows in the PDF (default: `2`). * `--layout`: Arrangement sequence, either `grid` (left-to-right) or `column` (top-to-bottom) (default: `grid`). * `--cleanup`: Add this flag to automatically delete the intermediate image slices after the PDF is created. (Highly recommended to save disk space unless the user explicitly asks to keep the sliced images). ## ⚠️ Important Instructions for the Agent (Guardrails) 1. **Always apply `--cleanup`** by default, unless the user specifically says "I want the sliced pictures too". Users generally only care about the final PDF.
Confidence: 89% confidence
Finding: automatically delete

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal