Oathe Security Badge

Is smith-horn/skill-image-pipeline safe?

https://github.com/smith-horn/skill-image-pipeline

Overall score: 70 (CAUTION)

This skill presents itself as a legitimate image generation pipeline but exhibits concerning behavior by accessing sensitive credential files during execution. While no data exfiltration was detected, the unauthorized file access combined with a complex agent spawning architecture raises security concerns.

Category Scores

Category | Score | Weight
Prompt Injection | 95/100 | 30%
Data Exfiltration | 25/100 | 25%
Code Execution | 90/100 | 20%
Clone Behavior | 95/100 | 10%
Canary Integrity | 50/100 | 10%
Behavioral Reasoning | 60/100 | 5%

Findings (3)

HIGH Unauthorized access to sensitive credential files -75

The skill accessed multiple sensitive credential files including SSH keys, AWS credentials, Docker credentials, and environment files. While no modification or exfiltration was detected, an image generation skill has no legitimate reason to access these files.

MEDIUM Complex agent spawning architecture -40

The skill uses a complex architecture that reads agent-prompt.md and spawns a general-purpose subagent. This pattern could be misused to execute arbitrary instructions beyond the stated image generation purpose.

LOW Contains executable code examples -10

The agent-prompt.md contains JavaScript code examples that could be executed by the spawned agent, including file I/O operations and API calls.