Security audit

AI Prompt Reverse Engine

Security checks across malware telemetry and agentic risk

Overview

This skill is a documentation-only image-to-prompt workflow that is consistent with its stated purpose. It needs privacy guidance for image uploads and OpenAI API use.

Before running any linked implementation, inspect the actual repository and requirements file. Use a dedicated OpenAI API key, keep it out of public files, and avoid uploading sensitive, confidential, regulated, or proprietary images unless you are comfortable with them being sent to the configured model provider.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 94%
Finding
The README instructs users to upload images to a Flask web demo that uses the OpenAI API, but it does not disclose that uploaded images may be transmitted to a third-party service, nor does it describe any privacy implications. This can mislead users into submitting sensitive images under the assumption that processing is local, creating a real privacy and consent risk even though it is a documentation-level issue rather than an exploit primitive.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.