Image2Prompt

Security checks across malware telemetry and agentic risk

Overview

This skill is an instruction-only image-to-prompt helper that does what it claims, with privacy cautions for photos of people.

Install only if you are comfortable sending selected images to your configured vision model provider. Avoid using sensitive personal photos, confidential screenshots, or proprietary product images unless your provider settings, retention policy, and consent situation are acceptable.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill explicitly instructs the model to infer and describe sensitive personal attributes from images, including age, ethnicity, gender, skin tone, and body type, without any warning, consent gating, or policy restriction. In an image-analysis skill, this creates privacy and profiling risk because users may upload real people’s photos and receive sensitive inferences that can be inaccurate, intrusive, or inappropriate to generate.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal