Studio Ghibli Image Filter

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Media.io image-filter skill, with the main risk being that image URLs and generated previews are handled by a third-party service.

Install only if you intend to use Media.io for image styling. Use a dedicated Media.io API key if possible, avoid sensitive or private images unless you trust Media.io and the URL host, and remember generated preview URLs may be publicly accessible.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill sends user-supplied image URLs to Media.io and later returns/generated assets hosted by that third-party service, but it does not clearly warn users about this data transfer and hosting. This creates a privacy and consent risk because users may assume processing is local or first-party when their content and metadata are actually disclosed externally.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal