Back to skill

Security audit

腾讯混元生图能力

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent Tencent Hunyuan image-generation wrapper, but its documentation includes prompt-rewording advice that can help users work around provider content filters.

Review before installing. Use a least-privileged Tencent Cloud key, avoid sensitive or regulated text in prompts, remember that prompts and job metadata may be processed by Tencent Cloud and saved locally, and do not rely on the documented filter-workaround advice as acceptable-use guidance.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script sends the user-supplied prompt and related parameters to Tencent Cloud, but there is no explicit disclosure or consent mechanism warning that prompt contents will leave the local environment. If users include sensitive data in prompts, that information is transmitted to a third-party service and may be logged or retained externally.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The script reads cloud API credentials from environment variables without prominently disclosing that it accesses sensitive secrets from the local environment. While this is a common implementation pattern, users of an agent skill may not expect credential access unless it is clearly documented and consented to.

Ssd 2

Medium
Confidence
97% confidence
Finding
The documentation advises users to rephrase blocked prompts with descriptive substitutes after content moderation rejects certain named subjects. That is effectively guidance for bypassing provider safety controls, which can facilitate generation of content the upstream service intended to restrict. In a text-to-image skill, this makes the skill more dangerous because the core function is direct submission of user prompts to a generative model.

Ssd 2

Medium
Confidence
98% confidence
Finding
The best-practice section explicitly recommends semantic substitutions like using generic descriptors instead of blocked names to avoid content controls. This normalizes circumvention and can help users systematically work around moderation filters, increasing the chance of policy-violating or harmful image generation. Because the skill is an API wrapper for image generation, such guidance directly operationalizes bypass attempts.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.