gimp-inkscape
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill dynamically generates GIMP Script-Fu commands from templates at runtime. While these follow a standard format for resizing and compositing, the construction of these scripts involves interpolating file paths and parameters, which could lead to command injection within the GIMP environment if input is not properly handled.
- [REMOTE_CODE_EXECUTION]: The documentation suggests installing the third-party package "rembg" and downloading tools from the "xinntao/Real-ESRGAN" GitHub repository. This encourages the user to introduce external, unverified code into their environment.
- [DATA_EXFILTRATION]: The skill provides tools like "exiftool" and "identify" to read and display image metadata. This functionality provides a surface for exposing sensitive information (e.g., GPS coordinates or camera info) embedded in files processed by the agent.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes external, untrusted image and PDF files.
  - Ingestion points: Image and PDF file paths provided to CLI tools in SKILL.md.
  - Boundary markers: Absent; the skill does not use delimiters or warnings to separate image content from instructions.
  - Capability inventory: Extensive shell access via gimp, inkscape, convert, mogrify, identify, ffmpeg, exiftool, optipng, jpegoptim, and pdftoppm.
  - Sanitization: Absent; no escaping or validation of external file content before processing.