sharp

The Sharp AI Agent Skill presents a coherent and proportional footprint for its declared purpose of server-side image processing using the Sharp library. Install sources are official (npm registry), and there are no credential requirements, no data exfiltration beyond standard image processing pipelines, and no autonomous real-world actions. Data flows align with typical usage (read/transform/write or stream/buffer-based processing). While there is a remote fetch path in the Next.js example, this is a legitimate pattern for fetching input images in some pipelines, provided input validation and access controls are enforced. Overall, the skill is BENIGN with low security risk, given its normal dependencies, data flows, and lack of credential handling. Minor caution on remote input handling, but no evidence of credential harvesting or exfiltration.