Back to skill

Security audit

Gemini Image Gen

Security checks across malware telemetry and agentic risk

Overview

The core image generator is coherent, but review is needed because its heartbeat guidance encourages social posting, avatar changes, and memory saving without clear user approval controls.

Install only if you are comfortable sending prompts and selected edit images to Google's Gemini/Imagen service using your API key. Do not let the heartbeat guidance automatically post images, change avatars, or save memories unless you explicitly approve the destination, content, account, and retention rules. Avoid passing confidential files or non-image paths to --edit.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill declares operational requirements and clearly implies capabilities to read environment variables, write output files, and make network requests to the Gemini API, but it does not declare permissions for those actions. Missing permission declarations weaken sandboxing, user consent, and policy enforcement because users and platforms may not realize the skill can access secrets, local files, and external services.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The heartbeat guidance expands the skill from image generation into actions with external side effects: social posting, profile/avatar modification, and memory persistence. These capabilities are outside the stated purpose of the skill and could cause unauthorized account actions, reputational harm, or unintended retention of generated content if an agent follows them automatically.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The instruction to 'Post to social platforms if relevant' introduces an external publishing action not justified by an image-generation skill. Even framed as optional, it can prompt an agent to disclose generated content publicly without explicit consent, creating privacy, safety, and reputational risks.

Context-Inappropriate Capability

Low
Confidence
93% confidence
Finding
Advising the agent to update a profile avatar extends the skill into account/profile modification, which is outside the stated image generation/editing purpose. Unauthorized avatar changes can alter user identity presentation or branding and may be surprising or harmful even when the content itself is benign.

Context-Inappropriate Capability

Low
Confidence
90% confidence
Finding
The instruction to save good results to memory adds persistence behavior beyond the core image-generation purpose. Persisting images or related metadata without clear necessity or consent can create privacy, retention, and data-minimization issues, especially if stored across sessions.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The markdown suggests posting images to social platforms and updating a profile avatar without any warning, consent gate, or confirmation step for these external actions. That omission increases the chance an agent will perform public posting or account changes silently, which can lead to privacy exposure, reputational damage, or misuse of connected accounts.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README markets image generation and editing via the Google Gemini API but does not clearly warn users that their prompts and, for editing, uploaded images are transmitted to a third-party service. This can lead users to unintentionally send sensitive text or images off-device, creating privacy, compliance, and data-handling risks, especially in enterprise or regulated environments.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation instructs users to send prompts and optionally local images to a third-party cloud API, but it does not warn that this user-provided content leaves the local environment and may be processed or retained externally. This creates a privacy and data-handling risk, especially if users edit sensitive images or include confidential information in prompts.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
When --edit is used, the script reads a local image and transmits its full contents to Google's Gemini API for remote processing. That data flow is expected for the feature, but there is no explicit privacy warning or confirmation at the point of use, so users may unknowingly upload sensitive local images.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.