Security audit

Image Highlight Cropper

Security checks across malware telemetry and agentic risk

Overview

This is a coherent image-cropping skill that processes user-uploaded images and creates downloadable cropped highlights, with one dependency-install caveat users should approve deliberately.

Use this for images you are comfortable having locally processed into crop files. If Pillow is missing, approve the pip install step only in an environment where modifying the Python package setup is acceptable; a virtual environment or preinstalled dependency is safer.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (3)

Context-Inappropriate Capability

Medium

Confidence: 93% confidence
Finding: The skill instructs the agent to run `pip install Pillow --break-system-packages` if Pillow is unavailable, which expands the skill from image processing into environment modification and package installation. Allowing a skill to install packages at runtime increases supply-chain and system-integrity risk, especially because `--break-system-packages` explicitly bypasses protections on managed Python environments.

Vague Triggers

Medium

Confidence: 83% confidence
Finding: The trigger language is very broad ('any variation' and 'always use this skill'), which can cause the skill to activate for many ordinary image requests beyond its narrow purpose. Overbroad activation is dangerous because it can route users into unnecessary file-processing behavior, increasing exposure to tool use and unintended side effects even when a simpler response would suffice.

Natural-Language Policy Violations

Medium

Confidence: 78% confidence
Finding: The skill hardcodes German output structure and follow-up text without checking the user's language or preferences. This is primarily a quality and usability issue, but in agent systems it can also obscure user understanding of what files were created or what actions were taken, reducing transparency and informed consent.

VirusTotal

53/53 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.