Picrd Image Hosting

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward helper for uploading user-selected images to picrd.com, but users should treat uploads as public and potentially permanent.

Install if you want an agent to upload selected images to picrd.com. Do not use it for private screenshots, documents, credentials, or non-image files; prefer temporary TTL uploads when appropriate and save the delete URL immediately if you may need removal.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The manifest description includes broad trigger phrases like 'free hosting', 'file hosting', and 'file share' even though the skill only handles public image uploads to a specific service. This can cause the skill to be invoked for generic hosting or file-sharing requests outside its intended scope, increasing the chance that an agent routes unrelated or sensitive user files to an unauthenticated third-party image host.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal