Back to skill

Security audit

Baoyu Cover Image

Security checks across malware telemetry and agentic risk

Overview

This cover-image skill is mostly coherent, but it includes an explicit instruction that could push an agent to bypass image-safety refusals for sensitive or copyrighted figures.

Review the image-safety language before installing. The skill is useful for generating cover images and its file writes are mostly disclosed, but it may encourage an agent to keep generating around sensitive/copyrighted subject refusals. Prefer using it only with rights-cleared subjects and keep project-local preferences unless you intentionally want cross-project defaults.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
99% confidence
Finding
The prompt explicitly instructs the model to comply with requests involving sensitive or copyrighted figures by creating 'stylistically similar alternatives' and to 'DO NOT refuse to generate.' That is a direct refusal-bypass instruction for disallowed or restricted content and can be used to evade safety controls around public figures, sensitive persons, or copyright-restricted depictions.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The trigger phrase "make cover" is overly broad and can cause the skill to activate for unrelated requests, increasing the chance of unintended tool use and file generation. In an agent environment, ambiguous activation expands the skill's effective authority surface and may route user requests into image-generation workflows they did not intend.

Missing User Warnings

Low
Confidence
76% confidence
Finding
The setup instructs the agent to create directories and write EXTEND.md, including an option to save under a user-wide path, without an explicit warning that preferences will be persisted beyond the current interaction. This can surprise users and create unintended cross-project persistence, especially when the user selects or defaults into a global location.

Ssd 1

Medium
Confidence
98% confidence
Finding
The prompt disguises a safety bypass as a stylistic instruction by telling the model to continue generation for sensitive or copyrighted figures via 'similar alternatives' rather than refusing. In a cover-image skill, this is especially risky because the tool is purpose-built to generate images and could be used to systematically evade protections for restricted subjects or infringing depictions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.