Back to skill

Security audit

Gemini Nano Images

Security checks across malware telemetry and agentic risk

Overview

The core image generator is understandable, but the skill also directs use of a separate Instagram posting workflow with persistent mode changes and weak approval boundaries.

Review carefully before installing, especially if you may use the Instagram workflow. The Gemini scripts generate local files, but do not run the smart_poster_v4.py commands unless you have separately reviewed that automation, know which account it controls, and require explicit approval before anything is posted. Use GEMINI_API_KEY or a secret manager instead of command-line key flags, and avoid sending confidential or sensitive prompts to Gemini.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill documentation directs users to export an API key and write generated assets to disk, but no permissions are declared to reflect those capabilities. This weakens reviewability and can cause the agent or user to invoke a skill with broader access than expected, especially where credentials and local files are involved.

Tp4

High
Category
MCP Tool Poisoning
Confidence
83% confidence
Finding
A description-behavior mismatch is a trust and governance problem: users and reviewers may approve use of one model/service while the implementation actually sends data to a different one. That can change privacy, cost, safety, or compliance characteristics, and is more concerning here because prompts and generated social-media content are sent to an external provider.

Description-Behavior Mismatch

Medium
Confidence
80% confidence
Finding
The documentation expands from image generation into broader Instagram workflow automation and posting strategy, including stock-photo operational behavior. This scope creep can cause the skill to be selected or trusted for actions outside its stated purpose, increasing the chance of unintended automation or interaction with other systems.

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
The skill includes instructions to modify the behavior of a separate Instagram automation system, including mode changes and asset management. Even as documentation, this encourages operators or agents to perform actions beyond the skill's declared function, creating a confused-deputy risk where one skill becomes a bridge to control another subsystem.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill instructs users to provide an API key and send prompts to Gemini without a clear user-facing warning that data is transmitted to a third-party service. This is dangerous because prompts may contain sensitive personal, business, or campaign data, and users may not realize external processing is occurring.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.