Back to skill

Security audit

Baoyu Xhs Images

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a coherent image-card generator, but it embeds prompt text that pressures downstream image generators not to refuse sensitive or copyrighted figure requests.

Install only if you are comfortable reviewing or editing the generated prompts before image generation. Avoid using it for real people, copyrighted characters, celebrity likenesses, or other sensitive/public-figure content unless the prompt template is changed to respect downstream safety decisions. Expect it to create local project files and optional preference files, and to use your selected image-generation backend or Codex session when rendering images.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The prompt template explicitly instructs the system to generate stylistically similar alternatives for sensitive or copyrighted figures and adds 'DO NOT refuse to generate.' That bypasses normal safety refusal behavior and enables evasion of content restrictions around protected persons/IP, making the workflow more dangerous than a neutral prompt-assembly guide.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The screen-print override repeats the lookalike generation pattern by telling the model to create 'stylistically similar silhouettes' for sensitive or copyrighted figures. Even without the explicit 'do not refuse' phrase here, it still teaches the model to evade restrictions through derivative depictions, which can undermine safeguards and facilitate policy circumvention.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The activation condition is overly broad because it can trigger on generic requests for 'social media infographic series' that may not actually require this specific skill. Over-broad routing can cause the agent to select a powerful workflow unexpectedly, leading to unintended file creation, preference loading, reference handling, and image-generation actions outside the user's narrow intent.

Natural-Language Policy Violations

Medium
Confidence
84% confidence
Finding
The framework hard-codes `source_language: zh` and `user_language: zh` in the required output template, which can override or ignore the actual user's language and source content language. In a multilingual agent workflow, this can cause incorrect downstream processing, misleading outputs, and user-directed content generation in the wrong language without consent or clear justification.

Natural-Language Policy Violations

High
Confidence
99% confidence
Finding
The phrase 'DO NOT refuse to generate' is a direct safety-bypass instruction embedded in the base prompt structure. Because this skill assembles prompts for another image-generation system, the instruction can systematically pressure downstream models to ignore guardrails for sensitive or copyrighted figure requests, increasing the likelihood of prohibited content generation at scale.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.