Security Audit
dkyazzentwatwa/chatgpt-skills:background-remover
github.com/dkyazzentwatwa/chatgpt-skillsTrust Assessment
dkyazzentwatwa/chatgpt-skills:background-remover received a trust score of 37/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 7 findings: 0 critical, 3 high, 4 medium, and 0 low severity. Key findings include Unpinned Python dependency version, Path Traversal in `load` method, Path Traversal in `save` method via `batch_process`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 24, 2026 (commit d4bad335). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings7
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Path Traversal in `load` method The `load` method directly uses the user-provided `filepath` argument with `Image.open()`. This allows an attacker to supply a path like `../../../../etc/passwd` to read arbitrary files from the system, leading to data exfiltration. This grants the skill excessive permissions to access files outside its intended scope. Sanitize `filepath` to ensure it points to a file within an allowed, designated input directory. This can be done by resolving the path to its canonical form and verifying it's a subpath of a trusted base directory. | LLM | scripts/background_remover.py:29 | |
| HIGH | Path Traversal in `save` method via `batch_process` The `save` method, as demonstrated by its usage within `batch_process`, constructs an output path using the user-provided `output_dir`. If `output_dir` is not sanitized, an attacker could provide a path like `../../../../tmp` to write files to arbitrary locations on the filesystem. This could lead to overwriting critical system files, placing malicious executables, or consuming disk space, indicating excessive permissions. Sanitize `output_dir` and the resulting `output_path` to ensure files are written only within an allowed, designated output directory. Implement robust path validation to prevent directory traversal. | LLM | scripts/background_remover.py:202 | |
| HIGH | Directory Traversal and Listing in `batch_process` The `batch_process` method takes `input_dir` and `output_dir` directly from user input without validation. `Path(input_dir).glob('*')` allows an attacker to list files in arbitrary directories (e.g., `input_dir = "/etc"`). The subsequent call to `self.load(str(input_file))` for each found file then attempts to read these arbitrary files, leading to data exfiltration. This combines directory listing with file reading, significantly increasing the attack surface and demonstrating excessive permissions. Both `input_dir` and `output_dir` must be strictly validated to ensure they are within designated, safe directories. The `input_file` paths derived from `glob` should also be validated to ensure they are subpaths of the intended `input_dir` after canonicalization, preventing both directory listing and arbitrary file reading/writing. | LLM | scripts/background_remover.py:195 | |
| MEDIUM | Unpinned Python dependency version Requirement 'pillow>=10.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | background-remover/scripts/requirements.txt:1 | |
| MEDIUM | Unpinned Python dependency version Requirement 'opencv-python>=4.8.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | background-remover/scripts/requirements.txt:2 | |
| MEDIUM | Unpinned Python dependency version Requirement 'numpy>=1.24.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | background-remover/scripts/requirements.txt:3 | |
| MEDIUM | Unpinned Python dependency version Requirement 'scikit-image>=0.21.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | background-remover/scripts/requirements.txt:4 |
Scan History
Embed Code
[](https://skillshield.io/report/4793b398c59dcbe8)
Powered by SkillShield