Security Audit
dkyazzentwatwa/chatgpt-skills:image-metadata-tool
github.com/dkyazzentwatwa/chatgpt-skills
Trust Assessment
dkyazzentwatwa/chatgpt-skills:image-metadata-tool received a trust score of 57/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 0 critical, 2 high, 2 medium, and 1 low severity. Key findings include Unpinned Python dependency version, Absolute File Path and Size Exfiltration, and Arbitrary File Write Capability.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 68/100, indicating areas for improvement.
Last analyzed on February 24, 2026 (commit d4bad335). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Absolute File Path and Size Exfiltration: The `extract()` method, a core function of the skill, includes the absolute path and size of the processed image file in its output (`file.path` and `file.size`). An attacker could provide a path to a sensitive image file (or a symlink to one) and exfiltrate its absolute location and size on the system. While `PIL.Image.open` might prevent reading the *content* of non-image files, this still allows for reconnaissance and confirmation of file existence in sensitive directories. The `extract_batch` function further amplifies this risk by processing multiple files from a user-specified folder. Remove the absolute path and file size from the `extract()` output, or at least make it an opt-in feature with clear security warnings. Only return the filename or a relative path if necessary. Implement strict path validation and sandboxing if arbitrary file paths must be accepted. | LLM | scripts/image_metadata.py:115 |
| HIGH | Arbitrary File Write Capability: The skill allows writing files to arbitrary paths specified by the user through methods like `strip_metadata()`, `strip_batch()`, `generate_map()`, `to_json()`, and `to_csv()`. An attacker could provide a sensitive system path (e.g., `/etc/cron.d/malicious_job`, `/var/www/html/malicious.html`) as the output destination, potentially overwriting critical system files, creating malicious files, or filling up disk space, leading to denial of service or privilege escalation, depending on the agent's permissions. Restrict output paths to a designated, sandboxed directory (e.g., a temporary directory or a user-specific output folder). Implement strict path validation to prevent directory traversal attacks (e.g., `../`). Do not allow writing to arbitrary absolute paths. | LLM | scripts/image_metadata.py:262 |
| MEDIUM | Unpinned Python dependency version: Requirement 'pillow>=10.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | image-metadata-tool/scripts/requirements.txt:1 |
| MEDIUM | Unpinned Python dependency version: Requirement 'folium>=0.14.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | image-metadata-tool/scripts/requirements.txt:2 |
| LOW | Unpinned Dependencies in `requirements.txt`: The `requirements.txt` file specifies dependencies with minimum versions (`pillow>=10.0.0`, `folium>=0.14.0`) but does not pin them to exact versions. This can lead to non-reproducible builds, unexpected behavior due to upstream changes, or potential security vulnerabilities if a future version of a dependency introduces a flaw. While `pillow` and `folium` are generally well-maintained, pinning versions is a best practice for security and stability. Pin all dependencies to exact versions (e.g., `pillow==10.0.0`, `folium==0.14.0`). Use a dependency lock file (e.g., `pip freeze > requirements.lock`) or a tool like Poetry/Pipenv for better dependency management. | LLM | scripts/requirements.txt:1 |