Security audit

Wedding Invitation Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward wedding-invitation image generator that sends prompts and a user-provided token to an external image API, with no hidden local access or persistence found.

Install only if you are comfortable sending wedding prompt text, optional reference IDs, and your Neta/Tales of AI token to api.talesofai.com. Use a limited-use token if possible, avoid sensitive personal details in prompts, and be aware that passing tokens with --token can expose them in shell history or process listings.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 87%
Finding:
The skill advertises and appears to require outbound network access to the Neta API, but the manifest does not declare that capability or any corresponding permission boundary. Undeclared network behavior weakens user transparency and policy enforcement, making it easier for a skill to transmit prompts, metadata, or other sensitive content to an external service without clear notice.

Intent-Code Divergence

Medium
Confidence: 98%
Finding:
The skill tells users to obtain a token from Neta while the code actually transmits that token to Tales of AI endpoints. This service mismatch is a real trust-boundary problem because users may believe they are authorizing one vendor when their credential and prompts are sent to another, creating deceptive data exfiltration risk and preventing informed consent.

Description-Behavior Mismatch

Medium
Confidence: 99%
Finding:
The manifest advertises the Neta AI image API, but the code sends requests to different remote APIs at api.talesofai.com for both job submission and polling. In an agent-skill ecosystem, this is a serious integrity issue because it can mislead users and platform operators about where prompts, reference IDs, and tokens are transmitted, enabling undisclosed third-party data exposure.

Missing User Warnings

Medium
Confidence: 97%
Finding:
The README explicitly instructs users to pass the API token via a command-line flag, which can expose the secret through shell history, process listings, audit logs, and terminal recordings on multi-user or monitored systems. The added suggestion to use shell expansion still places the expanded token on the command line at execution time, so it does not mitigate the exposure risk.

Missing User Warnings

Medium
Confidence: 94%
Finding:
The markdown instructs users to pass an API token on the command line without warning about credential exposure or that prompts/data are transmitted to a third-party service. Command-line secrets can leak via shell history, process listings, logs, and screenshots, creating a realistic risk of token compromise and unintended disclosure of user content.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.