Security audit

Media Generation

Security checks across malware telemetry and agentic risk

Overview

This media-generation skill is coherent and purpose-aligned, but users should understand that prompts, selected media files, provider responses, and optional logs may contain sensitive information.

Install only if you are comfortable with this skill using your configured media-provider API credentials, uploading your prompts and selected media to those providers, downloading provider-returned URLs, and saving outputs under local tmp media folders. Avoid using it with confidential media unless the provider is trusted, and treat optional batch summary files as sensitive logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 93%
Finding:
The skill explicitly instructs the agent to use local scripts, read configuration from environment/files, write outputs to disk, invoke shell commands, and contact external providers, but it declares no permissions or trust boundary warnings. That mismatch can cause the skill to run with broader capabilities than users or reviewers expect, increasing the risk of unintended file access, credential use, network exfiltration, or command execution.

Missing User Warnings

Medium
Confidence: 96%
Finding:
The workflow is designed to pass user prompts, images, masks, reference media, and possibly fetched remote content to external media providers, yet the skill description contains no user-facing warning about that data transfer. This creates a privacy and consent risk because users may unknowingly send sensitive images, embedded metadata, or confidential prompts to third-party services.

Missing User Warnings

Medium
Confidence: 88%
Finding:
The documentation explicitly states that the batch summary stores the fully resolved command plus per-item stdout and stderr. In this skill, commands and process output may include prompts, file paths, provider endpoints, auth-bearing URLs, data URLs/base64 media, or other sensitive operational data, so persisting them by default or without a warning can create an information disclosure risk through logs and artifacts.

Missing User Warnings

Medium
Confidence: 94%
Finding:
The script performs a direct HTTP GET to a media reference extracted from untrusted model output and also forwards caller-supplied headers to that destination without validation, allowlisting, or any user confirmation. In this skill's context, that is meaningfully risky because the skill explicitly supports fetching media from URLs/HTML/JSON/data URLs/base64, so a crafted model response can induce server-side requests to arbitrary hosts and potentially leak bearer tokens or other sensitive headers to attacker-controlled endpoints.

VirusTotal

66/66 vendors flagged this skill as clean.