Stable Diffusion Sd3

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent local Stable Diffusion setup guide with disclosed package installs, local router usage, and user-initiated model downloads.

Before installing, review the PyPI and uv packages the skill pulls in and read any patch script before you run it; expect multi-gigabyte HuggingFace downloads the first time a model is used, so plan for that outbound traffic; and make sure the local router port is bound only to addresses reachable by devices you trust.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Intent-Code Divergence

Severity: Medium
Confidence: 88%
Finding
The guardrail states that all requests stay local and that no data leaves the network, but the documentation elsewhere says that first use downloads model weights from HuggingFace. The two statements draw a misleading trust boundary: users may assume fully offline behaviour while the first run performs outbound transfers, which can expose prompts, metadata, or installation activity in environments where outbound network access is restricted or sensitive.
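One way to close the gap between the "stays local" guardrail and the first-use download, and to enforce the router-port advice from the overview, is a pre-flight check that fails closed. The following is an added example, not code from the skill or from SkillSpector: it checks that the weights are already present in the HuggingFace cache (using the `models--<org>--<name>` folder layout that huggingface_hub uses), sets the `HF_HUB_OFFLINE` and `TRANSFORMERS_OFFLINE` environment variables only once that is true, and rejects any router bind address that is not loopback. The repository id, cache root and bind address are caller-supplied assumptions; `demo()` runs the check against a constructed temporary cache directory.

```python
"""Pre-flight check for a local Stable Diffusion skill (added example).

Two checks a reviewer would want before running the skill on a restricted
network:
  1. Fail closed on model downloads: refuse to start unless the weights are
     already in the local HuggingFace cache, then export the offline flags so
     the libraries never reach out on first use.
  2. Confirm the local router only listens on a loopback address.

Assumptions (not from the page): repo id, cache root and bind address are
supplied by the caller; demo() builds a throwaway cache directory.
"""
import ipaddress
import os
import tempfile
from pathlib import Path

# Environment variables honoured by huggingface_hub and transformers.
OFFLINE_ENV = {"HF_HUB_OFFLINE": "1", "TRANSFORMERS_OFFLINE": "1"}


def cache_dir_for(repo_id: str, cache_root: Path) -> Path:
    """Map 'org/name' to the huggingface_hub cache folder 'models--org--name'."""
    return cache_root / ("models--" + repo_id.replace("/", "--"))


def weights_present(repo_id: str, cache_root: Path) -> bool:
    """True only if a resolved snapshot with at least one file exists locally."""
    snapshots = cache_dir_for(repo_id, cache_root) / "snapshots"
    if not snapshots.is_dir():
        return False
    return any(p.is_file() for p in snapshots.rglob("*"))


def router_is_local_only(bind_host: str) -> bool:
    """Accept only loopback binds; '0.0.0.0', '::' and LAN addresses are rejected."""
    if bind_host == "localhost":
        return True
    try:
        return ipaddress.ip_address(bind_host).is_loopback
    except ValueError:
        # Hostnames other than 'localhost' cannot be verified offline: reject.
        return False


def preflight(repo_id: str, cache_root: Path, bind_host: str, env=None):
    """Return (ok, reasons). On success the offline flags are written to env."""
    env = os.environ if env is None else env
    reasons = []
    if not weights_present(repo_id, cache_root):
        reasons.append(
            f"weights for {repo_id} not found under {cache_root}; "
            "refusing to download on first use"
        )
    if not router_is_local_only(bind_host):
        reasons.append(f"router bind {bind_host!r} is reachable beyond this host")
    if not reasons:
        env.update(OFFLINE_ENV)
    return (not reasons, reasons)


def demo():
    """Run the check twice against a constructed temporary cache."""
    root = Path(tempfile.mkdtemp())
    env = {}
    repo = "example-org/sd3-example"  # placeholder id, not a real repository
    # Empty cache and a wildcard bind: both checks should fail.
    before = preflight(repo, root, "0.0.0.0", env)
    # Simulate a completed, user-initiated download: one file in a snapshot.
    snap = cache_dir_for(repo, root) / "snapshots" / "abc123"
    snap.mkdir(parents=True)
    (snap / "model_index.json").write_text("{}")
    after = preflight(repo, root, "127.0.0.1", env)
    return {"before": before, "after": after, "env": dict(env)}


if __name__ == "__main__":
    for name, (ok, reasons) in (("before", demo()["before"]), ("after", demo()["after"])):
        print(name, "ok" if ok else "blocked", reasons)
```

The decision deliberately happens before any library import that could trigger a download, and the offline flags are only exported once the cache check passes, so a missing snapshot results in a clear refusal rather than a silent multi-gigabyte fetch.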

VirusTotal

VirusTotal findings are pending for this skill version.
