crop-tool

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill uses a template in the ask_with_crop_tool function to interpolate user-provided questions into a system message without delimiters or sanitization.
    • Ingestion points: question parameter in ask_with_crop_tool (crop_tool.py).
    • Boundary markers: Absent.
    • Capability inventory: Command execution via subprocess.check_call for pip and file operations via PILImage.open and open().write in crop_tool.py.
    • Sanitization: Absent.
  • [COMMAND_EXECUTION]: crop_tool.py uses subprocess.check_call to programmatically run the pip package manager for its dependency management.
  • [EXTERNAL_DOWNLOADS]: The skill automatically installs the well-known Pillow and anthropic libraries from PyPI if they are not present in the execution environment.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 5, 2026, 03:07 PM