
Security audit

Picnow — Image Generation

Security checks across malware telemetry and agentic risk

Overview

This skill behaves consistently with its stated purpose: it generates or edits images through a disclosed external Picnow API, with expected API-key and optional reference-image handling.

Install only if you are comfortable using api.letmego.top for image generation. Treat prompts and any --ref images as uploaded to that provider, and do not submit secrets, private documents, regulated data, or sensitive personal images unless that provider's terms and privacy practices are acceptable to you.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The README says the skill 'activates automatically' for very broad classes of user requests like creating or editing images, but it does not define clear trigger boundaries or require explicit consent before invoking the external service. In agent environments, this can cause unintended activation and transmission of user prompts or attached images to a third-party API, increasing privacy and data handling risk.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The README instructs users to provide prompts and optional local reference images, but it does not clearly warn that this content is uploaded to an external image-generation service. Users may unknowingly send sensitive text, proprietary designs, or personal images off-platform, creating confidentiality and privacy exposure.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The English activation rules are broad enough to trigger on many ordinary requests involving visuals, banners, covers, or adding images. Over-broad activation can route users into a skill that sends prompts and possibly files to an external service without sufficiently clear intent, increasing the chance of accidental data exposure or unexpected third-party processing.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The Chinese trigger phrases are similarly expansive and overlap with common conversational requests about images, illustration, or editing. In context, this is riskier because the skill is designed to send prompts and optional reference images off-platform, so mistaken activation can expose user content to a third party without strong user awareness.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill documentation explains how to generate and edit images through api.letmego.top but does not prominently warn that user prompts and uploaded reference images are transmitted to a third-party service. This omission undermines informed consent and can lead users to share sensitive images or proprietary prompts without realizing they are leaving the local environment.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
When --ref is provided, the script reads the referenced local image file, base64-encodes it, and uploads it to a third-party remote API. In an agent skill context, this creates a real data exfiltration risk because local user-provided files may contain sensitive or proprietary content, and the code does not present an explicit consent/notice mechanism before transmission.

VirusTotal

65/65 vendors flagged this skill as clean.


Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/generate.js:201