Best Image Generation

Security checks across malware telemetry and agentic risk

Overview

This is a coherent EvoLink image-generation skill that sends prompts and optional image URLs to EvoLink and may spend API credits, but the behavior is disclosed and aligned with the skill’s purpose.

Install only if you trust EvoLink with the prompts and reference image URLs you provide. Use a dedicated API key and spending limits if available, avoid secrets or private/internal URLs, and remember that trigger phrases can submit a paid generation request immediately.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill sends user prompts and user-supplied image URLs to a third-party service, but the description and usage guidance do not clearly warn users that their content leaves the local environment. This creates a real privacy and data-handling risk, especially if users include sensitive prompts or private image URLs without realizing they are being transmitted externally.

VirusTotal

54/54 vendors flagged this skill as clean.

View on VirusTotal