Back to skill

Security audit

Gemini Image Gen + Watermark Removal

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its stated Gemini image-generation and watermark-removal purpose, but it adds an under-disclosed optional Feishu sharing path with a hard-coded recipient and provides no safeguards around provenance-altering watermark removal.

Install only if you intentionally want an agent to control a logged-in Google browser for Gemini and to run a third-party watermark-removal tool. Use watermark removal only for images you are authorized to modify, verify the GeminiWatermarkTool source before installing it, and do not run the Feishu snippet unless you replace and confirm the recipient and are comfortable sending the image and caption to that external service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The skill adds an optional Feishu image-sending workflow that is outside the core stated purpose of Gemini image generation and watermark removal. This expands the data-flow surface by enabling exfiltration of generated or user-provided images to an external service, increasing privacy and misuse risk without clear scoping or safeguards.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill explicitly instructs users to remove watermarks from generated images using a dedicated tool, but provides no warning about provenance, copyright, platform policy, or misuse implications. Watermark removal can facilitate deceptive redistribution and stripping of origin markers, making the workflow materially riskier than ordinary image handling.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The Feishu-sharing instructions transmit output images and captions to an external platform without any privacy warning, consent check, or discussion of sensitive data handling. If users send personal, confidential, or regulated images, the skill could enable unintended disclosure to third-party infrastructure.

Natural-Language Policy Violations

Medium
Confidence
98% confidence
Finding
The skill metadata explicitly advertises watermark removal as a core function, indicating intentional circumvention of content provenance or ownership markers rather than an incidental image-processing feature. In this context, the capability enables misuse of generated or protected images by stripping attribution/safety signals, which increases the risk of deception, policy evasion, and downstream copyright or authenticity abuse.

Ssd 4

Medium
Confidence
96% confidence
Finding
The skill packages browser automation, image download, and watermark removal into a normalized end-to-end procedure, lowering the barrier to unauthorized manipulation of provenance-bearing media. In context, the skill is specifically designed around removing Gemini-generated watermarks, which makes the potentially abusive objective central rather than incidental.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.