Back to skill

Security audit

Image Generation Cellcog

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward CellCog image-generation integration with expected external AI service use and no hidden local execution or persistence.

Before installing, treat CellCog prompts and uploaded/reference images as content sent to an external AI service and possibly routed to model providers; avoid submitting confidential, regulated, or sensitive personal material unless that use is approved for your environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly instructs users to send prompts and likely upload images to CellCog, an external AI service, but it does not warn that user content may leave the local environment. This can cause inadvertent disclosure of sensitive images, personal data, proprietary designs, or confidential prompts, especially because the skill strongly encourages reference-based generation and image editing workflows.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.