Auto Image Reader

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only image-reading skill whose main risk is that it may analyze uploaded images automatically or choose the wrong recent image when multiple images exist.

Install this only if you want the agent to locate and analyze uploaded images automatically. For sensitive images or chats with multiple attachments, ask the agent to confirm the exact image before analysis and verify that images_list cannot expose unrelated workspace or cross-conversation images.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger condition includes '任何包含图片消息的场景' ('any scene containing an image message'), which allows the skill to activate far beyond explicit user requests to analyze an image. In a messaging context, this can cause unintended inspection of uploaded content, increasing privacy risk and making the skill run in situations where the user did not meaningfully consent to image analysis.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill is designed to automatically read user-uploaded images, but it provides no warning, consent check, or privacy notice before analyzing potentially sensitive visual content. Because images may contain personal data, confidential documents, or embedded text, automatic processing without clear disclosure creates a real privacy and data-handling risk.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal