Google Imagen 3 Portrait Photography

Security checks across malware telemetry and agentic risk

Overview

This is a low-risk image-prompt template with only inert placeholder files and no evidence of credential use, data access, persistence, or hidden execution.

Install this as a prompt-template skill, not as a full Google Imagen integration. Verify the publisher if provenance matters to you, and expect to provide your own image-generation tool or model access.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Tp4

High

Category: MCP Tool Poisoning
Confidence: 98% confidence
Finding: This is a mismatch because the declared purpose describes a specific image-generation capability, but the actual code does not implement that functionality at all. Instead, it only outputs a placeholder message and includes comments indicating that real logic has not been added yet. There is no hidden behavior, but the primary purpose of the code materially differs from the description because it does not perform the claimed task.

Natural-Language Policy Violations

Low

Confidence: 96% confidence
Finding: The skill title and descriptive sections are written in Chinese, while the file provides no indication that language selection is optional or tied to a region-specific requirement. This can violate a language/locale policy when users are not given an opt-in or alternative locale.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal