ImaginePro AI Image Generation API

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward ImaginePro API wrapper that sends user-provided prompts and image URLs to ImaginePro for the advertised image/video generation features.

Install this only if you intend to let an agent use your ImaginePro account and credits. Use a dedicated API key if possible, monitor credit usage, and avoid submitting confidential prompts, private/internal image URLs, personal data, or sensitive webhook endpoints unless you accept ImaginePro processing them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill sends user prompts, reference image URLs, optional webhook URLs, and API authentication to a third-party service, but the description does not clearly warn users that their content leaves the local environment. In this context, users may unknowingly submit sensitive prompts, internal image URLs, or webhook endpoints to an external provider, creating privacy and data-handling risk.

Missing User Warnings

Medium

Confidence: 79% confidence
Finding: The helper sends user-provided prompts, image URLs, and frame URLs to a third-party service, but does not provide an explicit disclosure or consent mechanism at the point of use. In an agent context, users may not realize potentially sensitive prompts or private media references are being transmitted externally, creating privacy and data-handling risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal