Back to skill

Security audit

Chatgpt Image Generation

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it says: it automates ChatGPT image generation from user-provided prompts, with ordinary privacy cautions for using a logged-in web service.

Install only if you are comfortable using Playwright/Chromium and sending the prompt file contents to ChatGPT under your account. Do not include secrets, private personal data, or confidential business material in prompts unless that is acceptable for your ChatGPT use, and protect or delete the output directory because results.jsonl stores prompt text.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly states that a ChatGPT session will be saved for future runs, but it does not warn users that browser automation will persist authentication/session data on disk. That can expose account access to other local users, backup systems, or later workflows that reuse the same browser profile, especially because the skill automates a real logged-in browser session.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script sends each prompt from the user-provided prompts file to chatgpt.com through browser automation without any consent gate, warning, redaction, or policy check. If prompts contain secrets, proprietary data, personal data, or regulated content, the tool will exfiltrate that information to an external third-party service by design, which is a real data-leak risk even if the feature is intentional.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.