Image Gen Compare

Security checks across malware telemetry and agentic risk

Overview

This image comparison skill does what it says overall, but it needs Review because it can automatically use local secret-manager credentials and save generated images into a cloud-synced Proton Drive folder without clear user opt-in.

Review before installing. Use only non-sensitive prompts unless you accept third-party processing and local history storage. Check whether the Proton Drive path exists on your machine, because generated images may sync to cloud storage. Prefer setting OPENAI_API_KEY explicitly and avoid relying on automatic 1Password service-token lookup unless you understand what vault item it can access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Tainted flow: 'image_url' from requests.post (line 108, network input) → requests.get (network output)

Severity: Medium
Category: Data Flow
Content:
    filename = f"dalle3_{quality}_{ts}.png"
    dest = OUTPUT_DIR / filename

    img_resp = requests.get(image_url, timeout=30)
    dest.write_bytes(img_resp.content)

    result = {
Confidence: 80%
Finding: img_resp = requests.get(image_url, timeout=30)

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding: The script silently redirects outputs to a Proton Drive cloud-synced directory when present, despite documentation implying local workspace storage. This can cause unintended external synchronization of generated images and prompt-derived artifacts, increasing privacy and data-handling risk in a skill that appears local-first.

Context-Inappropriate Capability

Severity: Medium
Confidence: 88%
Finding: The skill reads a local service-account token file and invokes the 1Password CLI to retrieve credentials, which broadens its access to secrets beyond what users may expect from an image comparison tool. While there is no obvious exfiltration beyond the intended API use, this hidden credential-retrieval capability increases the blast radius if the script or environment is misused.

Intent-Code Divergence

Severity: Medium
Confidence: 94%
Finding: The module documentation states outputs are saved under the workspace, but the implementation may instead store them in Proton Drive. This discrepancy is security-relevant because it hides cloud synchronization behavior from users and reviewers, undermining informed consent around where generated content is stored.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The skill description does not clearly warn that prompts, metadata, and run history are stored, nor that cloud-backed models transmit prompt data to third-party APIs. For an image-generation comparison tool, prompts can contain proprietary, personal, or sensitive content, so undisclosed storage and external transmission create real privacy and compliance risk.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: User-supplied prompts are transmitted to an external image-generation service without an explicit privacy warning or consent flow. In the context of a comparison skill that also supports local generation, this matters because users may reasonably assume their prompt stays local unless remote transmission is clearly disclosed.

VirusTotal

66/66 vendors flagged this skill as clean.