Security audit

web-ai-image-generation

Security checks across malware telemetry and agentic risk

Overview

This skill openly automates Gemini or ChatGPT image generation through a logged-in browser profile and saves generated images locally.

Use a dedicated Gemini/ChatGPT browser profile rather than your everyday profile, because the profile can contain login cookies and account state. Do not send secrets or regulated data in prompts, keep the output directory private, and consider pinning dependency versions before production use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding:
The documentation explicitly states that login state will be persisted and reused from a local profile directory, but it does not warn that these files may contain sensitive authenticated session data. In the context of a browser automation skill that logs into Gemini or ChatGPT, this can expose tokens, cookies, and account access if the directory is copied, shared, or left with weak filesystem permissions.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The skill explicitly describes reusing a persistent browser profile and authenticated Gemini/ChatGPT web sessions, but the top-level description does not present this as a prominent user-facing warning or consent requirement. That omission can mislead operators into sending prompts and downloading content under their logged-in accounts without fully appreciating the privacy, billing, and account-action implications.

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
playwright>=1.40
Pillow>=10.0
Confidence: 92%
Finding:
playwright>=1.40

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
playwright>=1.40
Pillow>=10.0
Confidence: 97%
Finding:
Pillow>=10.0

Known Vulnerable Dependency: Pillow — 10 advisory(ies): CVE-2016-2533 (Pillow buffer overflow in ImagingPcdDecode); CVE-2023-50447 (Arbitrary Code Execution in Pillow); CVE-2021-27922 (Pillow Uncontrolled Resource Consumption) +7 more

Severity: Critical
Category: Supply Chain
Confidence: 95%
Finding:
Pillow

VirusTotal

66/66 vendors flagged this skill as clean.