Product to Ads (Ad-Ready)

Security checks across malware telemetry and agentic risk

Overview

This skill is built for ad generation, but it also enables sensitive likeness-preserving person and reference-image workflows that need careful review before use.

Install only if you are comfortable sending product URLs and image assets to ComfyDeploy. Use public product pages and assets you have rights to use, and do not use real people, reference ads, or likeness-preserving model images unless you have clear consent and commercial usage rights.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (12)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The prompt is heavily oriented around reconstructing and tightly controlling a human subject's identity, body, pose, and sensual presentation rather than staying narrowly focused on product-ad generation from URLs. That materially expands the skill into identity-sensitive, potentially exploitative person-generation behavior, increasing risk of misuse for biometric profiling, sexualized synthetic imagery, or unauthorized likeness-based ad creation.

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The prompt requests detailed demographic and biometric characterization including ethnicity, skin tone, facial landmarks, body proportions, and anatomical description with 'strict' adherence to a reference. These instructions enable sensitive attribute inference and identity-preserving human synthesis beyond what is necessary for ordinary ad rendering, creating privacy, discrimination, and consent risks if reference images are provided without proper authorization.

Description-Behavior Mismatch

Medium
Confidence: 89%
Finding
The prompt requires strict preservation of a real person's identity traits, including facial structure, body proportions, and ethnicity, which materially enables identity-based likeness replication rather than general model guidance. In an ad-generation skill, this increases the risk of non-consensual impersonation, deceptive endorsements, and misuse of sensitive personal attributes in generated commercial content.

Description-Behavior Mismatch

Medium
Confidence: 84%
Finding
The prompt instructs the model to replicate pose exactly and derive photography style and location directly from external reference images, which goes beyond inspiration and moves toward copying protected or proprietary creative expression. In a commercial ad tool, this creates elevated risk of IP infringement, unauthorized style cloning, and misleading near-duplicates of third-party campaigns.

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
This prompt appears misaligned with the advertised Ad-Ready skill: it is a manual, talent-centric 'MORFEO CREATIVE STAGE' blueprint rather than a URL-driven product-ad workflow. That mismatch is dangerous because it can cause the agent to invoke a different generation path than the user expects, increasing the chance of unauthorized processing of talent imagery, policy drift, or outputs that violate the declared product scope.

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The prompt instructs the model to infer and preserve detailed protected and appearance-related traits such as ethnicity, beauty positioning, and precise body/facial characterization, even though the skill's stated purpose is ad generation from product URLs. This creates unnecessary collection and processing of sensitive attributes, which can lead to discriminatory outputs, privacy issues, and policy noncompliance if used on real people without clear necessity or consent.

Vague Triggers

Medium
Confidence: 84%
Finding
The description says to use the skill whenever the user wants to create ads for any product by providing a URL, which is broad enough to trigger on many generic image-generation or marketing requests. Over-broad invocation can cause the agent to unnecessarily fetch external URLs, download assets, or send data to third-party services when the user did not explicitly request this pipeline.

Missing User Warnings

Medium
Confidence: 95%
Finding
The workflow instructs the agent to visit external product pages, download images/logos, and save them to `/tmp` without an explicit user warning or consent step. This is dangerous because it performs network access and local file writes on behalf of the user, potentially interacting with untrusted URLs, storing copyrighted/sensitive assets locally, and creating hidden side effects.

Natural-Language Policy Violations

Medium
Confidence: 98%
Finding
The instruction to describe and preserve a subject's ethnicity explicitly operationalizes a protected characteristic without user necessity or documented business justification. In an ad-generation context, this is particularly risky because it can facilitate demographic targeting, identity fixation, or discriminatory creative generation based on inferred sensitive traits.

Natural-Language Policy Violations

Medium
Confidence: 92%
Finding
The prompt mandates that ethnicity be described exactly as visible, forcing processing and preservation of a sensitive personal attribute without clear necessity or user-controlled justification. In an advertising context, hard-coding ethnicity into generation instructions can facilitate demographic targeting, profiling, or discriminatory creative adaptation based on protected characteristics.

Vague Triggers

Medium
Confidence: 82%
Finding
The prompt embeds multiple unbounded placeholders such as campaign brief, keyword bank, funnel stage, and creative references directly into a high-authority system instruction without defining trust boundaries, sanitization, or schema constraints. In an agent skill that consumes external product URLs and optional user-supplied brand/context data, this can enable prompt injection or instruction smuggling that alters model behavior, weakens output restrictions, or causes unsafe/incorrect generation directives to be treated as authoritative context.

Natural-Language Policy Violations

Medium
Confidence: 95%
Finding
Forcing the system to describe and preserve ethnicity exactly from a reference image without user opt-in or documented justification is a concrete sensitive-attribute handling issue. In this skill context, that is more dangerous because the advertised workflow is product advertising from URLs, so ethnicity preservation is not obviously required and may cause the system to classify protected characteristics from images by default.

VirusTotal

66/66 vendors flagged this skill as clean.
