image-to-pdf

Security checks across malware telemetry and agentic risk

Overview

The skill can handle PDF workflows, but it also sends sensitive document outputs and metadata to Telegram automatically without clear per-use confirmation.

Review this skill before use on confidential documents. Keep processing local unless you explicitly want Telegram delivery, verify the recipient each time, avoid putting sensitive voucher or company details in filenames/messages unless required, and delete OCR temporary files after processing.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Context-Inappropriate Capability

Medium

Confidence: 96% confidence
Finding: The skill adds an outbound data-transfer capability by automatically sending generated documents and metadata to Telegram, which is not required for local image-to-PDF conversion. This creates a clear exfiltration path for potentially sensitive financial or identity documents, especially because the content is sent automatically and includes descriptive metadata.

Missing User Warnings

High

Confidence: 98% confidence
Finding: The skill instructs automatic sending of processed files to Telegram without a clear privacy warning or explicit user confirmation for external transmission. In the context of vouchers, scans, and financial documents, this materially raises the risk of unauthorized disclosure of sensitive contents and metadata.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The OCR workflow extracts text and key fields from scanned PDFs that may contain highly sensitive personal, financial, or contractual information, yet there is no explicit privacy notice, retention policy, or user consent step. This increases the likelihood of overcollection and unsafe handling of sensitive document contents.

Ssd 3

Medium

Confidence: 95% confidence
Finding: The skill embeds extracted summary, ship/company ownership, and voucher identifiers into filenames and outbound messages, which unnecessarily propagates sensitive business data into metadata that is easier to expose, search, forward, or log. When combined with Telegram sending, this amplifies disclosure risk because even the filename and message text reveal confidential content.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal