Back to skill

Security audit

Photo Editor Pro

Security checks across malware telemetry and agentic risk

Overview

This is a simple photo-editing skill whose local file, cloud storage, and social upload references fit its stated purpose, but users should confirm before sending images to third-party services.

Before installing or using it, decide which folders or images it may edit, require confirmation before overwriting files, and only connect Google Drive, Dropbox, or social accounts when you intend to export or post images there.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill advertises local file saves plus cloud storage and social API uploads, but it does not disclose when image data may leave the local environment or that files may be modified and exported. In an agent context, that omission can cause users to authorize actions involving sensitive images without informed consent, increasing the risk of unintended data exposure or destructive edits.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.