Security audit

gpt image 2 generation

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward WellAPI image-generation helper that uses a user-provided API key, calls one image endpoint, and saves generated image files locally.

Install only if you trust WellAPI with your prompts and API usage. Use a dedicated, revocable API key, avoid confidential prompts, and delete or rotate the saved key if you no longer use the skill.

SkillSpector

By NVIDIA

Vulnerability Patterns

Rogue AgentSelf-Modification, Session Persistence
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Session Persistence

Medium

Category: Rogue Agent
Content: - "Generate an image of a sunset over the ocean" - "Draw a cat wearing a top hat" - "Create a 1024x1024 picture of …" - "Make an illustration / poster / artwork of …" - Any other request to produce a visual from a textual description.
Confidence: 71% confidence
Finding: Create a 1024x1024 picture of …" - "Make an illustration / poster / artwork of …" - Any other request to produce a visual from a textual description. If the user asks for image *editing* (in-painting

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.