Hi HN! I built this after 3 months researching image-based attacks.

The problem: Apps that accept user images typically just strip EXIF metadata. But this misses: - Steganographic payloads (data hidden in pixel LSBs) - Polyglot files (valid as both image AND executable) - Image bombs (1x50000px files that exhaust memory)

My approach: Content Disarm & Reconstruction (CDR) - Decode image to raw pixel buffer - Completely discard the original container - Rebuild a sterile PNG from scratch

Stack: Rust core → WebAssembly sandbox → Cloudflare Workers edge

Free tier: 100 requests/month on RapidAPI

Happy to answer questions about the architecture, threat model, or implementation!