Search Image

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Pixabay image-search helper with no executable code or persistence, though users should avoid sending sensitive search terms.

Install only if you are comfortable with image search terms being sent to Pixabay. Avoid using confidential project names, personal information, secrets, or proprietary terms in queries unless you are willing to share those terms with that external service.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger keyword "image search" is broad enough to match ordinary user requests that are not clearly intended to invoke this specific skill. In an agent environment, that can cause accidental tool activation and unintended transmission of user prompts or sensitive context to the external Pixabay API.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill description does not warn users that their query will be sent to a third-party service, which creates a transparency and privacy risk. Users may include sensitive or proprietary terms in requests, not realizing that those inputs leave the local workflow and are disclosed to Pixabay.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal