Hd Infoimage

Security checks across malware telemetry and agentic risk

Overview

This skill serves a reasonable purpose (infographic generation), but it needs Review: its instructions have the agent read an API key from a local configuration file and route generated output through external services whose destinations are not clearly specified.

Install only if you are comfortable with the agent using a ZenMux image-generation credential, sending your article content to an external image provider, and potentially sending the resulting image to Feishu. Before use, confirm the Feishu destination, avoid confidential source material, and prefer runtime-managed secrets over commands that print API keys from local config files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Context-Inappropriate Capability
Medium (94% confidence)
Finding: The README explicitly instructs operators to read the ZenMux API key from a local configuration file and print it to stdout. Exposing or operationalizing secret extraction in skill documentation is unnecessary for the user-facing task of turning provided content into an image, and it normalizes unsafe credential handling that could leak secrets into logs, terminals, or downstream tooling.

Context-Inappropriate Capability
Low (79% confidence)
Finding: The Feishu delivery step expands the skill from image generation into external distribution of generated outputs. While not inherently malicious, it introduces an extra exfiltration path for potentially sensitive user content or generated materials that is outside the stated scope of the skill.

Description-Behavior Mismatch
Medium (92% confidence)
Finding: The skill expands its behavior beyond simple infographic generation by instructing the agent to search external platforms and query a knowledge base. This creates unnecessary data access and retrieval scope, which can expose users to privacy leakage, unauthorized external access, or policy bypass if the runtime environment actually permits those capabilities.

Context-Inappropriate Capability
Medium (90% confidence)
Finding: Requiring external platform search and knowledge-base calls as part of the default workflow introduces unnecessary capability use that is not essential to the stated purpose of generating an information-dense image. In an agent environment, this broadens the attack surface and may lead to unintended data exfiltration, untrusted content ingestion, or actions inconsistent with user expectations.

Description-Behavior Mismatch
Medium (89% confidence)
Finding: The reference prompt directs the agent to search broad internet sources and reverse-engineer 'highly engaging' or 'viral' content patterns, which expands the skill from user-content transformation into autonomous research and content acquisition. This increases the risk of unauthorized data gathering, off-scope browsing, and generation based on third-party material rather than the user's supplied content.

Context-Inappropriate Capability
Medium (86% confidence)
Finding: Claiming a capability to research top-performing internet content and infer viral patterns is not necessary for a pure infographic-generation skill and encourages behavior outside the declared function. In practice, this can cause unbounded browsing, questionable source use, and content laundering from third-party creators into generated outputs.

Missing User Warnings
Medium (90% confidence)
Finding: The skill description states that user-supplied article/content will be sent to Imagen 3 via ZenMux, but it does not warn users that their content is transmitted to a third-party provider. This creates a privacy and data-governance risk, especially if users supply proprietary, personal, or confidential material expecting local-only processing.

Missing User Warnings
Medium (91% confidence)
Finding: The README provides concrete commands for using API credentials and writing files locally, but gives no warning about secret sensitivity, shell history exposure, stdout leakage, or filesystem side effects. In practice, this can lead operators to mishandle credentials and overwrite or create files in sensitive locations without understanding the risks.
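Added example (not from the skill or its README) of the handling the Overview recommends in place of a command that prints the key: the credential is loaded from a file into an exported variable without ever being written to stdout, after a permission check, with a masked form for logs and a check that a captured terminal transcript does not contain the raw key. The file path `~/.config/zenmux/api_key`, the variable name `ZENMUX_API_KEY` and the key format are assumptions; the page does not show the skill's actual config layout.

```bash
#!/usr/bin/env bash
# Added example, not the skill's own code. Path, variable name and key
# format are assumptions; only the handling pattern is the point.

# Fail if a secret file is readable or writable by anyone but its owner.
check_secret_perms() {
  local f=$1
  [ -f "$f" ] || { echo "secret file missing: $f" >&2; return 1; }
  # find prints the path only if a group/other read or write bit is set.
  if [ -n "$(find "$f" \( -perm -g+r -o -perm -g+w -o -perm -o+r -o -perm -o+w \) -print 2>/dev/null)" ]; then
    echo "secret file $f is group/world accessible" >&2
    return 1
  fi
}

# load_secret FILE VAR: read the first line of FILE into the exported
# variable VAR. Nothing is echoed; the value only ever lives in the environment.
load_secret() {
  local f=$1 var=$2 key
  case $var in
    ''|[0-9]*|*[!A-Za-z0-9_]*) echo "bad variable name: $var" >&2; return 2 ;;
  esac
  check_secret_perms "$f" || return 1
  IFS= read -r key < "$f" || [ -n "$key" ]      # tolerate a missing trailing newline
  key=$(printf '%s' "$key" | tr -d '[:space:]')  # strip stray whitespace
  [ -n "$key" ] || { echo "empty secret in $f" >&2; return 3; }
  export "$var=$key"
}

# mask_secret VALUE: the only form that should appear in logs (last 4 chars).
mask_secret() {
  local s=$1
  if [ "${#s}" -le 4 ]; then printf '****\n'; return; fi
  printf '****%s\n' "${s#"${s%????}"}"
}

# secret_leaked_in VALUE FILE: true if the raw secret appears in a captured
# log or transcript, i.e. some command printed it.
secret_leaked_in() {
  grep -qF -- "$1" "$2"
}

# Demo on a constructed key file (not a real credential).
demo_dir=$(mktemp -d)
printf '%s\n' 'zm-example-not-a-real-key-0042' > "$demo_dir/api_key"
chmod 600 "$demo_dir/api_key"
if load_secret "$demo_dir/api_key" ZENMUX_API_KEY; then
  echo "loaded ZENMUX_API_KEY=$(mask_secret "$ZENMUX_API_KEY")"   # ****0042, never the key
fi
# The pattern the finding describes: a command that prints the key, captured
# into a transcript (stands in for `cat config | grep key` in a terminal).
cat "$demo_dir/api_key" > "$demo_dir/session.log"
secret_leaked_in "$ZENMUX_API_KEY" "$demo_dir/session.log" && echo "leak: raw key is in the session log" >&2
rm -rf "$demo_dir"
```

Run it as a script rather than pasting the commands into an interactive shell, so nothing lands in shell history; the masked form is what should appear in any agent log, and the leak check is cheap to run over whatever transcript the agent records.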

Vague Triggers
Medium (88% confidence)
Finding: The skill description says it should trigger when users provide content and ask for an information-dense image, but it does not define clear inclusion or exclusion criteria. In an agent setting, this can cause over-broad activation on ordinary summarization, note-taking, or image-related requests, leading the agent to route user content into image-generation and downstream workflows unexpectedly.

Missing User Warnings
Medium (97% confidence)
Finding: The skill instructs the agent to send generated output via `send_to_feishu.sh`, which is an external service handoff, but the document does not require informing the user or obtaining consent. If user-provided article content contains sensitive, proprietary, or personal information, the generated image and possibly embedded content could be exfiltrated to a third-party destination without user awareness.
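Added example (not part of the skill) of gating the handoff this finding and the earlier Feishu finding describe: the send proceeds only for a destination on a local allowlist and only with an explicit `--yes` that the agent passes after showing the user what will be sent and where. The invocation `send_to_feishu.sh DEST FILE` and the allowlist location are assumptions; the page does not document the script's interface.

```bash
#!/usr/bin/env bash
# Added example, not the skill's own code. The sender's argument order and
# the allowlist path are assumptions.

# Command that performs the actual send; overridable so the gate can be
# exercised without contacting Feishu.
: "${FEISHU_SEND_CMD:=./send_to_feishu.sh}"
# Allowlist: one permitted destination (chat id, webhook name, ...) per line.
: "${FEISHU_ALLOWLIST:=$HOME/.config/hd-infoimage/feishu_allowlist}"

destination_allowed() {
  [ -f "$FEISHU_ALLOWLIST" ] || return 1
  grep -qxF -- "$1" "$FEISHU_ALLOWLIST"
}

# guarded_send FILE DEST [--yes]
# Exit 2: file missing; 3: destination not allowlisted; 4: no consent yet.
guarded_send() {
  local file=$1 dest=$2 consent=${3:-}
  [ -f "$file" ] || { echo "refuse: no such file $file" >&2; return 2; }
  destination_allowed "$dest" || { echo "refuse: destination '$dest' not in allowlist" >&2; return 3; }
  if [ "$consent" != "--yes" ]; then
    echo "Would send $file ($(wc -c < "$file") bytes) to Feishu destination '$dest'." >&2
    echo "Re-run with --yes once the user has confirmed." >&2
    return 4
  fi
  "$FEISHU_SEND_CMD" "$dest" "$file"
}

# Demo with a constructed allowlist and a stub sender (no network).
demo=$(mktemp -d)
printf 'team-security-chat\n' > "$demo/allowlist"
printf '#!/bin/sh\necho "stub send: dest=$1 file=$2"\n' > "$demo/stub_send.sh"
chmod +x "$demo/stub_send.sh"
printf 'infographic bytes\n' > "$demo/out.png"
FEISHU_ALLOWLIST=$demo/allowlist
FEISHU_SEND_CMD=$demo/stub_send.sh
guarded_send "$demo/out.png" team-security-chat || echo "refused ($?)"            # 4: no consent
guarded_send "$demo/out.png" random-external-group --yes || echo "refused ($?)"   # 3: not allowlisted
guarded_send "$demo/out.png" team-security-chat --yes                             # sent via stub
rm -rf "$demo"
```

The allowlist is what makes "confirm the Feishu destination" from the Overview checkable rather than a reminder: a destination the operator never wrote down cannot be used, whatever the prompt or a prompt-injected instruction asks for.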

VirusTotal

64/64 vendors flagged this skill as clean.
