Security Audit
dkyazzentwatwa/chatgpt-skills:image-enhancement-suite
github.com/dkyazzentwatwa/chatgpt-skills
Trust Assessment
dkyazzentwatwa/chatgpt-skills:image-enhancement-suite received a trust score of 48/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 0 critical, 2 high, 3 medium, and 1 low severity. Key findings include Unpinned Python dependency version, Arbitrary File Read via User-Controlled Paths, Arbitrary File Write via User-Controlled Output Paths.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 68/100, indicating areas for improvement.
Last analyzed on February 24, 2026 (commit d4bad335). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (6)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Arbitrary File Read via User-Controlled Paths.** The skill reads arbitrary files from the filesystem because it accepts user-controlled paths for input images, watermark images, and font files. The `ImageEnhancer` constructor, the `_load_file` and `watermark` methods, and the batch functions (`batch_process`, `generate_icons`, `generate_sizes`) pass user-provided or user-configurable paths straight to `PIL.Image.open()` or `PIL.ImageFont.truetype()`. `EnhancerConfig.update` also lets a user set `watermark_font` to any path, which `_get_font` then loads. If the skill runs with broad filesystem read permission, an attacker can point these paths at sensitive files (e.g. `/etc/passwd`, `/root/.ssh/id_rsa`) to attempt exfiltration; even when Pillow refuses to decode a non-image file, the access attempt itself is a concern. *Remediation:* validate every file path; confine file operations to a designated sandbox directory (resolve the path and check that it stays under that directory, so `..` segments and symlinks cannot escape); if arbitrary paths are unavoidable, run the skill with minimal filesystem permissions (read-only access to specific, non-sensitive directories). For `EnhancerConfig.update`, allowlist the permitted keys and validate the values of sensitive keys such as `watermark_font` so they point at trusted resources inside an allowed directory. | LLM | scripts/image_enhancer.py:90 |
| HIGH | **Arbitrary File Write via User-Controlled Output Paths.** The skill writes files to arbitrary filesystem locations because it accepts user-controlled output paths. The `save` method and the batch functions (`batch_process`, `generate_icons`, `generate_sizes`) pass user-provided output paths straight to `PIL.Image.save()`. With broad filesystem write permission, an attacker could overwrite existing system files, create files in sensitive locations, or fill the disk, leading to denial of service or system compromise. *Remediation:* validate every output path and directory, restrict writes to a designated sandbox output directory (again resolving the path before the containment check), and run the skill with minimal filesystem write permissions. | LLM | scripts/image_enhancer.py:213 |
| MEDIUM | **Unpinned Python dependency version.** Requirement `pillow>=10.0.0` is not pinned to an exact version. Pin Python dependencies with `==<exact version>`. | Dependencies | image-enhancement-suite/scripts/requirements.txt:1 |
| MEDIUM | **Unpinned Python dependency version.** Requirement `numpy>=1.24.0` is not pinned to an exact version. Pin Python dependencies with `==<exact version>`. | Dependencies | image-enhancement-suite/scripts/requirements.txt:2 |
| MEDIUM | **Unpinned Python dependency version.** Requirement `opencv-python>=4.8.0` is not pinned to an exact version. Pin Python dependencies with `==<exact version>`. | Dependencies | image-enhancement-suite/scripts/requirements.txt:3 |
| LOW | **Unpinned Dependencies in requirements.txt.** The `requirements.txt` file declares dependencies with `>=` (e.g. `pillow>=10.0.0`). This guarantees only a minimum version and allows automatic upgrades to new major versions, which can introduce breaking changes, unexpected behaviour, or a newly published vulnerable release. *Remediation:* pin to exact versions (e.g. `pillow==10.0.0`) or use the compatible-release operator for minor updates only (e.g. `pillow~=10.0`), and review and update dependencies on a schedule so security patches are picked up deliberately. Note that an exact pin alone does not verify the artifact the index serves; for a reproducible install also record hashes and install with `pip install --require-hashes` (a lock file from `pip-compile --generate-hashes` produces them). | LLM | scripts/requirements.txt:1 |
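The two HIGH findings share one root cause and one fix: every user-supplied path must be resolved and checked against a sandbox directory before Pillow opens or saves it, and `EnhancerConfig.update` must only accept allowlisted keys. The block below is an added example written for this page; it is not code from the audited repository or from SkillShield. The function names (`confine`, `safe_config_update`, `demo`), the directory layout, and the stand-in image, font and secret files it creates are all hypothetical.

```python
"""Path confinement for an image-processing skill (added example, not the
audited project's code). Names and the scratch directory layout are hypothetical.
"""
import shutil
import tempfile
from pathlib import Path


class PathNotAllowed(ValueError):
    """Raised when a user-supplied path or config update escapes the sandbox."""


def confine(base: Path, user_path: str) -> Path:
    """Resolve user_path against base and refuse anything that lands outside.

    resolve() collapses '..' segments and follows symlinks, so both
    'images/../../etc/passwd' and a symlink inside base that points at
    /etc/passwd fail the containment test. An absolute user_path is
    accepted only if it already lies inside base.
    """
    base = base.resolve()
    candidate = (base / user_path).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        raise PathNotAllowed(f"{user_path!r} resolves outside {base}") from None
    return candidate


def output_path(out_dir: Path, user_path: str) -> Path:
    """Confine a save target; parent directories are created only inside out_dir."""
    target = confine(out_dir, user_path)
    target.parent.mkdir(parents=True, exist_ok=True)
    return target


# Hypothetical allowlist standing in for the keys EnhancerConfig really exposes.
ALLOWED_CONFIG_KEYS = {"quality", "watermark_text", "watermark_font"}


def safe_config_update(config: dict, updates: dict, font_dir: Path) -> dict:
    """Apply updates only for allowlisted keys; watermark_font must be a font file under font_dir."""
    for key, value in updates.items():
        if key not in ALLOWED_CONFIG_KEYS:
            raise PathNotAllowed(f"config key {key!r} is not allowed")
        if key == "watermark_font":
            font = confine(font_dir, str(value))
            if font.suffix.lower() not in {".ttf", ".otf"} or not font.is_file():
                raise PathNotAllowed(f"{value!r} is not a font file under {font_dir}")
            value = str(font)
        config[key] = value
    return config


def demo() -> dict:
    """Build a constructed scratch tree and exercise the checks on good and bad input."""
    root = Path(tempfile.mkdtemp())
    try:
        images, fonts = root / "images", root / "fonts"
        images.mkdir()
        fonts.mkdir()
        (images / "photo.png").write_bytes(b"\x89PNG")        # constructed stand-in image
        (fonts / "brand.ttf").write_bytes(b"\x00\x01\x00\x00")  # constructed stand-in font
        secret = root / "secret.txt"                           # a file the skill must never touch
        secret.write_text("not for the skill")
        (images / "link").symlink_to(secret)                   # symlink escaping the sandbox

        cases = {
            "relative": "photo.png",
            "traversal": "../secret.txt",
            "absolute": str(secret),
            "symlink": "link",
            "dotdot_inside": "sub/../photo.png",  # '..' that stays inside is fine
        }
        out = {}
        for label, p in cases.items():
            try:
                out[label] = confine(images, p).name
            except PathNotAllowed:
                out[label] = "rejected"

        cfg = {}
        out["font_ok"] = safe_config_update(
            cfg, {"watermark_font": "brand.ttf"}, fonts)["watermark_font"].endswith("brand.ttf")
        for label, bad in (("font_traversal", {"watermark_font": "../secret.txt"}),
                           ("bad_key", {"__class__": 1})):
            try:
                safe_config_update(cfg, bad, fonts)
                out[label] = "accepted"
            except PathNotAllowed:
                out[label] = "rejected"
        return out
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label:15} {result}")
```

The containment test runs on the resolved path, not the string the user typed, which is what closes both the `..` and the symlink routes; a check such as `".." not in user_path` would miss the symlink case entirely. Wiring it in means replacing each bare `PIL.Image.open(path)` with `PIL.Image.open(confine(images_dir, path))` and each `image.save(path)` with `image.save(output_path(out_dir, path))`, with the two base directories fixed by the skill's deployment rather than by the request.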
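The three MEDIUM findings and the LOW finding are one check that can run in CI before any `pip install`: flag every requirement whose specifier is not an exact `==` pin, and flag exact pins that carry no `--hash`, since a pin without a hash still trusts whatever the index serves. The block below is an added example, not SkillShield's scanner or code from the audited repository; `audit_requirements` and the sample requirements text (which mirrors the three audited lines plus constructed extra lines, with a placeholder all-zero hash) are hypothetical.

```python
"""Requirements pin/hash checker (added example; not the audited project's
code and not SkillShield's implementation). Stdlib only.
"""
import re

# name, optional [extras], optional pip specifier operator, version text
_REQ = re.compile(
    r"^\s*([A-Za-z0-9_.\-]+)(?:\[[^\]]*\])?\s*(===?|~=|!=|<=?|>=?)?\s*([^\s;,]*)"
)


def _logical_lines(text: str):
    """Yield (first_line_number, joined_text), honouring backslash continuations
    so a --hash on the following physical line counts for its requirement."""
    buf, start = [], None
    for n, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = n
        stripped = raw.rstrip()
        if stripped.endswith("\\"):
            buf.append(stripped[:-1])
            continue
        buf.append(raw)
        yield start, " ".join(buf)
        buf, start = [], None
    if buf:
        yield start, " ".join(buf)


def audit_requirements(text: str) -> list:
    """Return (line, name, reason) for every requirement that is not an exact, hashed pin."""
    findings = []
    for lineno, logical in _logical_lines(text):
        line = logical.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue  # blank, comment, or a pip option line such as -r / --index-url
        m = _REQ.match(line)
        if not m:
            findings.append((lineno, line, "unparseable requirement"))
            continue
        name, op, version = m.groups()
        if op not in ("==", "===") or "*" in version:
            spec = (op or "") + version if op else "no specifier"
            findings.append((lineno, name, f"not pinned to an exact version ({spec})"))
        elif "--hash=" not in line:
            findings.append((lineno, name, "pinned but no --hash; index can serve a different artifact"))
    return findings


# Constructed sample: the three audited lines plus extra cases. The hash is a placeholder.
SAMPLE_REQUIREMENTS = """\
# constructed sample requirements.txt
pillow>=10.0.0
numpy>=1.24.0
opencv-python>=4.8.0
requests==2.*
cryptography==42.0.5
certifi==2024.2.2 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
"""


if __name__ == "__main__":
    for lineno, name, reason in audit_requirements(SAMPLE_REQUIREMENTS):
        print(f"requirements.txt:{lineno}: {name}: {reason}")
```

Run against the sample, the three `>=` lines reproduce the MEDIUM findings, the `2.*` wildcard is caught even though it uses `==`, the unhashed exact pin is reported once, and the hashed `certifi` line passes. Editable or VCS requirements (`-e git+...`) are skipped as option lines, so they need a separate policy.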
Full report: https://skillshield.io/report/5bad0443cdecd155
Powered by SkillShield