Back to skill

Security audit

Story to Prompts

Security checks across malware telemetry and agentic risk

Overview

This skill is a low-risk prompt-writing helper that turns user-provided story or scene text into bilingual image prompts without requesting system access or external services.

Installers should know this skill may activate for fairly general image-prompt requests and will output prompts directly. Avoid providing private story details you do not want repeated in generated prompts, and review any downstream image-generation policy or licensing concerns for style references.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The skill advertises very broad trigger phrases like generic text-to-image and storyboard requests, which can cause it to activate for many common image-generation tasks without clear user intent to invoke this specific transformation workflow. That increases the chance of unintended prompt rewriting, policy bypass-by-transformation, or over-collection of user content into structured prompts when a simpler image request was intended.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.