AI Hairstyle Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Media.io hairstyle-generation API wrapper, with the main user consideration being that portrait image URLs are sent to Media.io for processing.

Install this if you are comfortable using a Media.io API key and sending user-authorized portrait image URLs to Media.io. Avoid private, sensitive, or unauthorized images, treat generated preview URLs as potentially shareable links, and keep the API key out of chat logs and responses.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill clearly instructs sending user-supplied image URLs to Media.io, but it does not explicitly warn that user images and related metadata will be transmitted to an external third-party service for processing. This creates a privacy and consent risk, especially for portraits and other sensitive images, because users may not realize their content leaves the local agent environment.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal