
Security audit

Pixar Portrait Generator

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims by sending user prompts to a disclosed external image-generation API, but users should treat prompts and the Neta token as sensitive.

Install only if you are comfortable using Neta/Tales of AI for image generation. Avoid putting sensitive personal details in prompts, do not use private reference IDs unless you trust the provider, and prefer a short-lived or low-privilege API token because the current examples pass the token on the command line.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 81%
Finding
The invocation guidance is broad enough to match many generic requests for cartoon or stylized portraits, which increases the chance the skill is auto-selected in situations where the user did not specifically intend to use this third-party service. In context, that matters because selecting this skill may trigger external API use and token-backed operations, expanding unnecessary data exposure and surprise network actions.

Missing User Warnings

Medium
Confidence: 95%
Finding
The documentation asks users to provide a Neta API token and submit prompts, but it does not clearly warn that those inputs are sent to a third-party external API. This undermines informed consent and can lead to unintended disclosure of sensitive prompts, images, or account-linked token usage to an external service.

Missing User Warnings

Medium
Confidence: 90%
Finding
The script accepts the API token via a command-line flag and then uses it in outbound requests. Command-line arguments are commonly exposed through shell history, process listings, CI logs, and telemetry, so this creates a realistic credential exposure risk even though the code is not overtly malicious.

Missing User Warnings

Medium
Confidence: 83%
Finding
User-supplied prompt data is sent to a third-party image-generation API without any explicit privacy notice or consent flow. Prompts may contain personal, sensitive, or proprietary information, so silent transmission to an external service can lead to unintended data disclosure.

VirusTotal

64/64 vendors flagged this skill as clean.
