Image Prompt Engineer

Security checks across malware telemetry and agentic risk

Overview

This is a low-risk image prompt-writing guide with no executable code, credentials, or hidden system access.

Safe to install as an image-generation prompt helper. Consider narrowing its trigger wording if you only want it used for explicit AI image, Midjourney, DALL-E, Stable Diffusion, Flux, or photography prompt requests.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The manifest description includes broad trigger phrases such as 'write a prompt' and 'generate an image of', which can match many ordinary user requests and cause the skill to be invoked outside its narrow intended scope. Over-broad activation can lead to unnecessary prompt routing, capability confusion, and unintended influence over unrelated tasks, especially in agent systems that auto-select skills from descriptions.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal