Security audit

Image Highlight Cropper

Security checks across malware telemetry and agentic risk

Overview

This is a coherent image-cropping skill that processes user-uploaded images and creates downloadable cropped highlights, with one dependency-install caveat users should approve deliberately.

Use this for images you are comfortable having locally processed into crop files. If Pillow is missing, approve the pip install step only in an environment where modifying the Python package setup is acceptable; a virtual environment or preinstalled dependency is safer.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The skill instructs the agent to run `pip install Pillow --break-system-packages` if Pillow is unavailable, which expands the skill from image processing into environment modification and package installation. Allowing a skill to install packages at runtime increases supply-chain and system-integrity risk, especially because `--break-system-packages` explicitly bypasses protections on managed Python environments.

Vague Triggers

Medium
Confidence: 83%
Finding
The trigger language is very broad ('any variation' and 'always use this skill'), which can cause the skill to activate for many ordinary image requests beyond its narrow purpose. Overbroad activation is dangerous because it can route users into unnecessary file-processing behavior, increasing exposure to tool use and unintended side effects even when a simpler response would suffice.

Natural-Language Policy Violations

Medium
Confidence: 78%
Finding
The skill hardcodes German output structure and follow-up text without checking the user's language or preferences. This is primarily a quality and usability issue, but in agent systems it can also obscure user understanding of what files were created or what actions were taken, reducing transparency and informed consent.

VirusTotal

53/53 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.