Ai Image Generator

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only image generation skill whose external API use fits its purpose, but users should handle API keys and uploaded images carefully.

Install only if you are comfortable sending prompts and reference images to the provider you configure. Store API keys in environment variables or a secret manager, avoid uploading sensitive or regulated images, watch billing limits, and do not run an untrusted generate.py from elsewhere just because the example references one.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 87%
Finding
The skill shows users how to place an API key in configuration and send prompts/images to an external image-generation service, but it provides no guidance on secret handling, storage, rotation, or the privacy implications of uploading potentially sensitive text and images. This can lead to credential leakage in source files or logs and unintended disclosure of proprietary or personal data to a third-party provider.

VirusTotal

65/65 vendors flagged this skill as clean.
