agnes-图片生成

Security checks across malware telemetry and agentic risk

Overview

This image-generation skill does what it says, but it handles API keys and third-party uploads in ways users should review carefully.

Install only if you are comfortable sending prompts and any edited images to Agnes AI. Prefer setting AGNES_API_KEY as an environment variable, avoid pasting real API keys into chat, and do not rely on any shared built-in key for private or accountable work.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium (98% confidence)

Finding: The skill explicitly states that it contains a built-in default Agnes API key and encourages using it as a fallback. Embedding service credentials in a distributable skill creates shared-secret exposure risk, unauthorized billing/abuse, and makes it impossible to enforce per-user accountability or least privilege.

Missing User Warnings

Medium (93% confidence)

Finding: The skill sends prompts and potentially user-supplied images to an external HTTP API but does not clearly warn users about third-party data transfer, retention, or privacy implications. For image-editing requests, this may expose sensitive images, embedded metadata, or confidential prompt content to an external provider without informed consent.

Missing User Warnings

Medium (97% confidence)

Finding: The documentation instructs users to provide API keys directly in chat ('Key 是 sk-xxx', i.e. 'the key is sk-xxx'), which can leak secrets into conversation history, logs, analytics, screenshots, or downstream tooling. Encouraging plaintext credential sharing materially increases the chance of credential compromise and subsequent unauthorized API use.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal