Trust Assessment
resize-magic received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. Key findings include ImageMagick Command Injection via Unsanitized Geometry String and Unrestricted File Access via Input/Output Paths.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, and LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **ImageMagick Command Injection via Unsanitized Geometry String.** The `geometry` argument is passed directly to the `magick` or `convert` command without comprehensive sanitization against ImageMagick-specific command injection vectors. While the script attempts to filter some common shell metacharacters (`` [;\|`$&<>] ``), it does not prevent the injection of ImageMagick-specific options that could lead to arbitrary command execution (e.g., `-exec`, `-authenticate`, or other delegate command triggers). If a vulnerable version of ImageMagick is installed, an attacker could craft a malicious `geometry` string (e.g., `800x600" -authenticate "foo" -exec "rm -rf /"`) to execute arbitrary commands on the host system. The current blacklist filter is insufficient to prevent such attacks. Implement a strict whitelist for `geometry` string formats (e.g., regex matching `^\d+x\d*$` or `^\d+%$`) instead of a blacklist. Alternatively, use a library or API that safely wraps ImageMagick calls and sanitizes inputs, or ensure ImageMagick is run in a highly restricted sandbox with minimal privileges and disabled delegate commands. | LLM | scripts/resize.sh:79 |
| HIGH | **Unrestricted File Access via Input/Output Paths.** The `resize.sh` script accepts arbitrary `input-path` and `output-path` arguments directly from user input without any path validation or restriction to a sandboxed directory. This allows the skill to read from and write to any location on the filesystem that the agent has permissions for. This poses a significant risk of data exfiltration (e.g., reading sensitive files like `/etc/passwd` or `~/.ssh/id_rsa`) or unauthorized file modification/creation (e.g., writing malicious scripts to arbitrary locations). While the arguments are double-quoted, preventing shell injection, the paths themselves are not constrained. Implement strict path validation to ensure that `input-path` and `output-path` are confined to a designated, secure working directory or a temporary sandbox. For example, resolve paths relative to a skill-specific data directory and reject absolute paths or paths containing `..`. | LLM | scripts/resize.sh:79 |