Scripts · May 14, 2026 · 2 min read

Anamorpher — Image-Scaling Prompt Injection Lab

trailofbits/anamorpher crafts image-scaling attacks for multimodal prompt injection; verified 1,049★ with a uv backend and browser frontend workflow.

Agent-ready

This asset can be read and installed directly by agents

TokRepo exposes a universal CLI command, an install contract, JSON metadata, an adapter-specific plan, and the raw content to help agents assess fit, risk, and next actions.

Stage only · 29/100
Agent surface: Any MCP/CLI agent
Type: Script
Installation: uv
Trust: Established
Entry point: uv run python backend/app.py
Universal CLI command: npx tokrepo install 76460f4b-70b2-5592-9107-1e2015123b56

Introduction

Best for: Security teams testing multimodal models and apps for downscaling-triggered hidden instructions

Works with: Python 3.11+, uv (recommended), and a browser-opened HTML frontend for visualization

Setup time: 10-25 minutes

Key facts (verified)

  • GitHub: 1049 stars · 91 forks · pushed 2026-05-11.
  • License: Apache-2.0 · owner avatar + repo URL verified via GitHub API.
  • README-backed entrypoint: uv run python backend/app.py.

Main

  • Use it as an evaluation harness: craft a payload image, then test how different downscalers reveal (or hide) the prompt injection after resizing.

  • Compare implementations: README highlights OpenCV, PyTorch, TensorFlow, and Pillow for scaling behavior differences.

  • Treat results as probabilistic: README warns outcomes vary and recommends running each example ~5 times for consistent evaluation.

Source-backed notes

  • README positions Anamorpher as a tool for crafting/visualizing image scaling attacks and provides both a frontend UI and Python API.
  • README lists supported downscaling algorithms (bicubic, bilinear, nearest neighbor) and comparison backends (OpenCV/PyTorch/TensorFlow/Pillow).
  • README setup uses uv sync, runs the backend via uv run python backend/app.py, and opens frontend/index.html in a browser.

FAQ

  • Is this for text-only LLMs?: No — README explicitly targets multi-modal AI systems where image downscaling can hide/reveal instructions.
  • Do results always reproduce?: Not always — README warns outcomes can vary and suggests running examples multiple times.
  • What’s a safe rollout?: Run it in a controlled eval environment and document the exact preprocessing pipeline (resize settings, libraries) you deploy.

Source and acknowledgements

Source: https://github.com/trailofbits/anamorpher · License: Apache-2.0 · GitHub stars: 1049 · forks: 91
