Security audit

generate-poster

Security checks across malware telemetry and agentic risk

Overview

This skill is a documented Flyelep API helper for generating e-commerce product images, with the main risk being that prompts, image URLs, and the user’s API key are sent to Flyelep.

Install only if you are comfortable sending product descriptions, reference image URLs, and your Flyelep API key to Flyelep. Avoid using confidential product assets or secrets in prompts unless Flyelep’s handling is acceptable to you, and rotate the API key if it is pasted into logs or shared chats.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Severity: Medium
Confidence: 87%
Finding: The skill activation description is broad enough to match common user requests for product images and posters, which can cause the agent to invoke this skill unexpectedly. That matters because invocation leads to third-party API use and transmission of user-provided content, images, and secrets, expanding data exposure without clear user intent.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The skill instructs sending query text, image URLs, and an API secret to a third-party service but does not prominently warn users that their content will leave the local agent boundary. In this context, the omission is dangerous because the skill is specifically designed for external transmission and may process commercially sensitive product assets or confidential prompts.

Natural-Language Policy Violations

Severity: Medium
Confidence: 78%
Finding: Defaulting languageType to English can override user expectations and generate content in an unintended locale without explicit consent. While not a classic security flaw, it can cause unauthorized or misleading output for marketplace content and is riskier here because the skill may act automatically once triggered.

External Transmission

Severity: Medium
Category: Data Exfiltration
Content:
## Invocation example
**Generate a product main image (cross-border e-commerce, Amazon):**
```bash
curl -X POST "https://www.flyelep.cn/prod-api/poster-design/api/v1/poster/generate" \
  -H "Content-Type: application/json" \
  --max-time 600 \
  -d '{
```
Confidence: 93%
Finding:
```bash
curl -X POST "https://www.flyelep.cn/prod-api/poster-design/api/v1/poster/generate" \
  -H "Content-Type: application/json" \
  --max-time 600 \
  -d '{ "query": "为这个蓝牙耳机生成一张白底产品主图", "generate
```

VirusTotal

64/64 vendors flagged this skill as clean.
