Multimodal Asset Tagger

Security checks across malware telemetry and agentic risk

Overview

This is a simple media metadata helper; the main caution is that its generated filenames should be sanitized before being used to create or rename files.

Reasonable to install for drafting media metadata. Treat the generated filename as a suggestion only, and remove path separators, newlines, and shell metacharacters before using it to rename or create files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 83%
Finding
The invocation text is broad enough to trigger on many ordinary requests involving images, alt text, captions, or discoverability, which can cause the skill to activate outside narrowly intended contexts. Over-broad auto-invocation increases the chance of inappropriate data handling, user confusion, and prompt-surface expansion, especially in agentic systems where automatic tool selection affects downstream behavior.

VirusTotal

66/66 vendors flagged this skill as clean.
