Scripts · May 14, 2026 · 2 min read

Anamorpher — Image-Scaling Prompt Injection Lab

trailofbits/anamorpher crafts image-scaling attacks for multimodal prompt injection; verified 1,049★ with a uv backend and browser frontend workflow.

Agent ready

This asset can be read and installed directly by agents

TokRepo exposes a universal CLI command, install contract, metadata JSON, adapter-aware plan, and raw content links so agents can judge fit, risk, and next actions.

Stage only · 29/100

Agent surface: Any MCP/CLI agent
Kind: Script
Install: Uv
Trust: Established
Entrypoint: uv run python backend/app.py
Universal CLI install command: npx tokrepo install 76460f4b-70b2-5592-9107-1e2015123b56

Intro

Best for: Security teams testing multimodal models and apps for downscaling-triggered hidden instructions

Works with: Python 3.11+, uv (recommended), and a browser-opened HTML frontend for visualization

Setup time: 10-25 minutes

Key facts (verified)

  • GitHub: 1049 stars · 91 forks · pushed 2026-05-11.
  • License: Apache-2.0 · owner avatar + repo URL verified via GitHub API.
  • README-backed entrypoint: uv run python backend/app.py.

Main

  • Use it as an evaluation harness: craft a payload image, then test how different downscalers reveal (or hide) the prompt injection after resizing.

  • Compare implementations: README highlights OpenCV, PyTorch, TensorFlow, and Pillow for scaling behavior differences.

  • Treat results as probabilistic: README warns outcomes vary and recommends running each example ~5 times for consistent evaluation.

Source-backed notes

  • README positions Anamorpher as a tool for crafting/visualizing image scaling attacks and provides both a frontend UI and Python API.
  • README lists supported downscaling algorithms (bicubic, bilinear, nearest neighbor) and comparison backends (OpenCV/PyTorch/TensorFlow/Pillow).
  • README setup uses uv sync, runs the backend via uv run python backend/app.py, and opens frontend/index.html in a browser.

FAQ

  • Is this for text-only LLMs? No — README explicitly targets multi-modal AI systems where image downscaling can hide/reveal instructions.
  • Do results always reproduce? Not always — README warns outcomes can vary and suggests running examples multiple times.
  • What’s a safe rollout? Run it in a controlled eval environment and document the exact preprocessing pipeline (resize settings, libraries) you deploy.

Source & Thanks

Source: https://github.com/trailofbits/anamorpher · License: Apache-2.0 · GitHub stars: 1049 · forks: 91
