Security audit

CREAT IMAGE FREE

Security checks across malware telemetry and agentic risk

Overview

This is a simple image-generation skill that discloses use of an external Gilotex API and shows no local code execution, persistence, credential access, or hidden behavior.

Install only if you are comfortable sending image prompts to the Gilotex third-party service. Avoid putting secrets, private personal data, credentials, or confidential business material in prompts, and review the provider’s terms if retention, logging, or generated-content policy matters to you.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill explicitly sends user prompts to an external API endpoint but does not warn users that their input will leave the local system and be transmitted to a third-party service. This creates a real privacy and data-handling risk because users may include sensitive, proprietary, or regulated information in prompts without informed consent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal