dkyazzentwatwa/chatgpt-skills:image-filter-lab

The skill allows arbitrary file paths to be passed to critical filesystem operations, including `Image.open()` in `load()`, `Image.save()` in `save()`, `os.listdir()` in `batch_process()`, and `os.makedirs()` in `batch_process()`. These paths are derived directly from untrusted user input (CLI arguments like `--input`, `--output`, `--batch`, `--output-dir`, and parameters to filters invoked via `--filter`). This enables: 1. **Data Exfiltration**: An attacker can attempt to read arbitrary files (e.g., `load:/etc/passwd` via `--filter` or `--input /etc/passwd`). While `PIL.Image.open` might fail for non-image files, the attempt to access sensitive files is a risk. For valid image files, sensitive data (e.g., EXIF metadata) could be loaded. 2. **Arbitrary File Write**: An attacker can write the current image content to arbitrary locations (e.g., `save:/tmp/malicious.sh:1` via `--filter` or `--output /tmp/malicious.sh`). If the image content is controlled (e.g., by loading a crafted image first), this can lead to overwriting system files or creating malicious scripts, potentially leading to command injection. 3. **Directory Traversal/Probing**: `os.listdir()` and `os.makedirs()` can be directed to arbitrary paths, allowing an attacker to probe directory structures or create directories outside the intended scope. The `getattr` mechanism in `apply_filter_from_args` further exacerbates this by allowing invocation of `load` and `save` methods with arbitrary paths through a generic filter argument, effectively turning a filter parameter into a command injection vector for file operations.

Requirement 'opencv-python>=4.8.0' is not pinned to an exact version.