Back to skill

Security audit

Agnes Image 2.0 Flash

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward image-generation helper that sends user-provided prompts and image URLs to the Agnes API, with no evidence of hidden persistence, credential theft, destructive behavior, or unrelated data access.

Install only if you are comfortable using the Agnes hosted API. Do not include secrets, private internal URLs, or confidential image descriptions in prompts or image URLs unless you trust that provider's data handling. Expect API usage and possible costs whenever the scripts are run, especially batch generation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger list includes broad, everyday phrases such as image creation/editing requests that may match normal conversation and invoke the skill unintentionally. Because this skill can send prompts and image URLs to an external image-generation service, accidental invocation can expose user data or cause unintended external actions and costs.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation does not warn users that prompts and input image URLs are transmitted to a third-party API. In this skill's context, users may provide private images or sensitive descriptive text, so missing disclosure increases the risk of unintentional data sharing with an external provider.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script transmits user prompts and supplied image URLs to a remote third-party API without any explicit warning, consent prompt, or privacy notice. In an agent-skill context, users may not realize their data leaves the local environment, which can expose sensitive text, internal URLs, or confidential image references.

External Transmission

Medium
Category
Data Exfiltration
Content
fi

# Send request
RESPONSE=$(curl -sf --max-time 360 \
  -H "Authorization: Bearer ${API_KEY}" \
  -H "Content-Type: application/json" \
  -d "$BODY" \
Confidence
90% confidence
Finding
curl -sf --max-time 360 \ -H "Authorization: Bearer ${API_KEY}" \ -H "Content-Type: application/json" \ -d

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.potential_exfiltration

Shell script base64-encodes a local file and sends it over the network.

Critical
Code
suspicious.potential_exfiltration
Location
scripts/agnes-image.sh:98