Back to skill

Security audit

Photo Pack Generator

Security checks across malware telemetry and agentic risk

Overview

This is a coherent photo-generation skill, but users should treat uploaded face images as sensitive because processing depends on external media helpers.

Install only if you are comfortable sending the reference image and prompts to the platform’s media-generation service. Use photos you own or have consent to process, and avoid highly sensitive face images unless you understand the provider’s privacy and retention terms.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill documentation instructs execution of a shell command (`bash scripts/generate-pack.sh`) but declares no permissions, creating a transparency and least-privilege problem. Hidden or undeclared shell capability is dangerous because downstream systems or reviewers may not realize the skill can execute local commands, access files, or trigger networked helper scripts.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The documented purpose is narrow, but the detected behavior includes external upload of local images, local downloads, opening files on macOS, and broader stylized generation modes not disclosed in the description. This mismatch is security-relevant because users may provide highly sensitive face images believing the skill only performs bounded photo generation, when it may also transmit data externally and perform additional local actions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill accepts reference images via URL and is explicitly designed around identity-preserving face generation, but it provides no warning that personal biometric imagery may be fetched from remote locations or transmitted to external services. In this context, the omission is more dangerous because the input is likely to be sensitive facial data, and users are not informed about privacy, consent, or data-handling risks.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
When a local image path is provided, the script uploads that file to a remote service and only shows a progress-style message rather than an explicit privacy disclosure or consent prompt. Because this skill is specifically designed to preserve a person's exact identity from a face image, the uploaded content is highly sensitive biometric/portrait data, making undisclosed off-device transfer a meaningful privacy risk.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script sends the reference image URL and detailed prompts to an external image-generation service without clearly disclosing that user data leaves the local environment. In this skill's context, the reference image is a face image used for identity-preserving generation, so the transmitted data can reveal personal appearance and inferred preferences, increasing privacy sensitivity beyond a generic image-editing workflow.

Missing User Warnings

Low
Confidence
82% confidence
Finding
With --view enabled, the script silently downloads remote outputs into local storage and may later auto-open them on macOS, without clearly warning the user about file writes or automatic opening behavior. This is lower severity than the remote upload issues, but it still creates surprise local side effects and could expose users to unwanted storage of sensitive images or opening untrusted remote content.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.