Back to skill

Security audit

Image Vision

Security checks across malware telemetry and agentic risk

Overview

This appears to be a normal OCR/image-analysis skill, with a privacy caution because images like receipts, forms, and screenshots may contain sensitive information.

Install if you need OCR or image understanding, but treat every uploaded image as potentially sensitive. Redact secrets, IDs, payment details, account numbers, private business information, and authentication material before use, and avoid submitting regulated or confidential content unless necessary.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill explicitly encourages OCR and analysis of receipts, business cards, forms, screenshots, and other images that commonly contain personal, financial, or confidential information, but it provides no warning about handling sensitive visual data. This omission can cause users or downstream agents to submit regulated or private content without appropriate caution, increasing the risk of privacy violations, unintended data exposure, or improper processing of secrets shown in images.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.