Visual Gen Ai Language

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only helper for producing structured image-generation JSON, with no hidden execution, persistence, or local data access found.

This appears safe to install as a prompt-formatting skill. Use normal caution if you pair it with an API execution skill: prompts, images, and generated descriptions sent to Bria or another provider may leave your local environment.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The skill advertises very broad triggers such as requests for structured prompts, controllable generation, deterministic image descriptions, or Bria/FIBO structured_prompt format without strong boundaries. Over-broad activation can cause the skill to engage in contexts where it is not intended, increasing prompt-routing mistakes and the chance that unrelated user content is transformed into structured output or sent onward to a paired execution skill.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal