HTML/CSS to Image

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward connector skill for creating, deleting, and checking usage for HTML/CSS to Image through OOMOL, with the main risk being normal account access for state-changing actions.

Install this only if you want Codex to operate your HTML/CSS to Image account through OOMOL. Review the exact JSON payload before approving image creation, and approve delete actions only when the target image or batch is clear.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The manifest description says to use this skill for ANY HTML/CSS to Image request and instead of calling the API directly, which is an overly broad trigger that can cause the agent to invoke the skill in situations where it may be unnecessary or inappropriate. Over-broad routing increases the chance of unintended external actions, especially because this skill includes create and delete capabilities and encourages direct operational use through the connector.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal