Security audit

Image generation, editing and remove background

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Bria image-generation helper that sends user-provided prompts or images to Bria's external API and does not show hidden persistence or unrelated access.

Install this only if you intend to use Bria's hosted API. Treat any prompt, image URL, mask, or local image path you provide as data that may be uploaded to Bria for processing, avoid sensitive or regulated images unless your policy allows it, and keep BRIA_API_KEY in an environment variable or secret manager rather than pasting it into chat.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill clearly instructs use of environment variables, shell commands, and outbound network access, but does not declare corresponding permissions. This creates a transparency and governance gap: users and platforms may not realize the skill can read secrets and transmit user-provided data or images to an external service.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The trigger and description are broad enough to match many generic image-editing or image-generation requests, which can cause the skill to activate unexpectedly. In a system with multiple skills, over-broad activation increases the chance that user images, prompts, or workflow context are routed to this external service without the user's clear intent.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The reference directs callers to send image URLs, base64 image content, prompts, and API authentication headers to Bria's external service, but it does not clearly warn users that potentially sensitive data leaves the local environment. In an agent skill context, users may assume inputs are handled locally or only within the host platform, so this omission can lead to unintended disclosure of private images, proprietary assets, or secrets embedded in URLs and headers.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The client transparently accepts URLs, raw base64, or local file paths and then sends the resulting image data and prompts to Bria's remote API, but the code provides no user-facing notice or consent mechanism about that transmission. In an agent/skill context, this can cause unintended exfiltration of local files or sensitive prompts when upstream inputs are user-controlled or inferred automatically.

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
references/code-examples/bria_client.ts:115