Back to skill

Security audit

Image Watermark

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward image-watermarking helper, with the main privacy consideration being that it says processed images may be returned through Enterprise WeChat.

Install if you are comfortable having the agent process images you provide and return the watermarked results. For private or regulated images, confirm whether the Enterprise WeChat delivery path is appropriate for your organization before using it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly states that processed images will be sent via Enterprise WeChat, but it does not disclose this as an external transmission step or require user confirmation. Because images may contain sensitive personal or business information, silently routing outputs through a third-party messaging channel creates a privacy and data-handling risk.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.