photo-clipper
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection (Category 8) because it interpolates user-provided text directly into a template sent to an LLM in `references/implementation.md`.
  - Ingestion points: The `prompt` variable in the `analyze_photo` function.
  - Boundary markers: Absent; the user prompt is concatenated directly into the template.
  - Capability inventory: Image cropping (PIL), file writing (PIL), and network requests (requests).
  - Sanitization: Present; the `validate_crop_suggestion` function strictly validates the LLM's output against percentage ranges (0-100) and enforces a 50% maximum removal limit per dimension.
- [DATA_EXFILTRATION] (LOW): The skill transmits image data and an API key to `openrouter.ai`. While this is required for its functionality, it is a non-whitelisted domain and involves data transit to a third-party service.
Audit Metadata