Photo Edit Analysis

Security checks across malware telemetry and agentic risk

Overview

This is a simple photo-critique skill with broad but disclosed activation wording and no hidden code, credential access, persistence, or destructive behavior.

Install this if you want an agent to critique photo edits. Be aware that broad photo-feedback questions may invoke it, so only share images you are comfortable having reviewed by your agent.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The README says the skill 'runs automatically alongside' another skill and triggers on broad classes of user requests about photo exposure, tone, color grade, or editing. That scope is ambiguous enough to cause unintended invocation during ordinary image discussions, which can lead to unnecessary processing, surprise behavior, or accidental sharing of user-provided image context with this skill when the user did not clearly request it.

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The example phrases like 'Is this edited well?' and 'What would you fix in this edit?' are generic and likely to overlap with normal conversation about photographs. In an auto-routing system, such broad examples increase the chance of false-positive activation, causing the skill to engage when the user may only want casual discussion rather than structured analysis.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal