image-resizer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill requires the 'sharp' library from the npm registry. Per [TRUST-SCOPE-RULE], this is a trusted dependency for image processing and is considered low risk.
- [Indirect Prompt Injection] (INFO): The skill acts as an ingestion point for untrusted image files. However, its capabilities are confined to local image transformations with no network access or privilege escalation mechanisms, resulting in a negligible risk profile.
- [Automated Scan Evaluation] (INFO): The automated alert for 'instagram.pn' is a false positive. The string 'instagram.png' appears as a sample filename in SKILL.md and was likely misidentified by the scanner; no phishing URLs are present in the provided files.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata