Seedream 图片生成

Security checks across malware telemetry and agentic risk

Overview

This appears to be a straightforward Seedream image-generation skill; the main caution is that prompts and images are handled by Volcengine's API.

Install only if you are comfortable sending image prompts, image URLs, and referenced images to Volcengine Ark/Seedream. Avoid using secrets, regulated data, private internal URLs, or confidential images unless that external processing is acceptable, and prefer setting ARK_API_KEY in the environment rather than passing it on the command line.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill documentation does not clearly warn users that their prompts and any reference images may be transmitted to an external third-party image generation service. This creates a privacy and data handling risk because users may unknowingly submit sensitive text or images outside their local environment, especially in workflows where agents pass user data through tools automatically.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal