Stable Diffusion Skill

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Stable Diffusion WebUI helper that sends prompts or selected images to a configured SD WebUI API and saves the resulting images locally.

Install this only if you want your agent to control a Stable Diffusion WebUI instance. Keep SD_WEBUI_URL pointed at a trusted local or private server, because prompts and any supplied images will be sent there; review model-switching and output-directory commands before running them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 88%
Finding
The trigger phrases are broad enough to match ordinary requests such as 'generate an image,' 'edit this picture,' or 'draw,' which can cause the skill to activate in situations where the user did not explicitly intend to use this integration. Because activation leads to file handling and networked API calls, overbroad matching raises the chance of unintended data transfer, local resource consumption, and unexpected model operations.

Vague Triggers

Medium
Confidence: 90%
Finding
The top-level description says to use the skill whenever a user wants to generate or edit images, which is overly broad for a skill that can switch models, process local images, and communicate with a configurable API endpoint. Ambiguous activation expands the skill's operational surface and can result in accidental invocation on sensitive images or unintended use of local compute and network resources.

VirusTotal

67/67 vendors flagged this skill as clean.
