image-enhancement

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH

COMMAND_EXECUTION
Full Analysis
  • Privilege Escalation (HIGH): The skill instructs the user or agent to execute sudo apt-get install imagemagick. The use of sudo to acquire elevated permissions is a high-severity finding as it can be exploited if the agent executes commands automatically.
  • Indirect Prompt Injection (LOW): The skill is vulnerable to indirect injection through malicious file metadata or filenames.
      ◦ Ingestion points: Processes local image files (e.g., input.png, *.png) which are considered untrusted external data.
      ◦ Boundary markers: Absent. There are no instructions or delimiters provided to ensure the agent ignores embedded instructions or treats filenames as literal strings.
      ◦ Capability inventory: The skill uses shell commands (convert) and Python's PIL library to process files. The bash loop for f in *.png; do convert "$f" ... is particularly susceptible to command injection if a filename contains shell metacharacters.
      ◦ Sanitization: Absent. There is no evidence of escaping, validation, or filtering of filenames or image content before processing.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 05:59 PM