Back to skill

Security audit

Agnes Image 2.1 Flash

Security checks across malware telemetry and agentic risk

Overview

This appears to be a coherent image-generation skill that uses an external Agnes API as expected, with privacy and activation-scope caveats users should understand.

Install only if you are comfortable sending image prompts and referenced image URLs to the Agnes service. Avoid using it with secrets, private internal URLs, confidential images, or personal data unless that third-party processing is acceptable to you.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger list includes broad everyday phrases such as image creation, editing, merging, and style-change terms that are common across many benign user requests. This can cause the skill to activate unexpectedly and route prompts, image URLs, or file-output behavior to an external image service without the user clearly intending to use this specific integration.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The documentation describes sending prompts and public image URLs to an external service and optionally writing outputs to local files, but it does not warn users about those data flows. Without notice or consent, users may provide sensitive prompts, proprietary images, or unintended output paths, creating privacy and local data-handling risk.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation instructs users to send prompts and image URLs to a third-party API endpoint but does not clearly warn that these inputs leave the local environment and are transmitted to an external service. This can lead users to unknowingly submit sensitive prompts, internal image URLs, or private assets, creating confidentiality and privacy risks, especially in agent or enterprise contexts.

External Transmission

Medium
Category
Data Exfiltration
Content
fi

# Send request
RESPONSE=$(curl -sf --max-time 360 \
  -H "Authorization: Bearer ${API_KEY}" \
  -H "Content-Type: application/json" \
  -d "$BODY" \
Confidence
97% confidence
Finding
curl -sf --max-time 360 \ -H "Authorization: Bearer ${API_KEY}" \ -H "Content-Type: application/json" \ -d

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.potential_exfiltration

Shell script base64-encodes a local file and sends it over the network.

Critical
Code
suspicious.potential_exfiltration
Location
scripts/agnes-image-2.1.sh:96