Security audit

使用Nano Banana Pro（Gemini 3 Pro Image）通过第三方中转API站清云EchoFlow API生成或编辑图像。支持图像生成、图像编辑和多图像合成（最多14张图像）。当用户请求生成图像、创建图像、编辑图像或组合图像时使用。关键词：图像生成、图片生成、生成图片、AI绘画、Nano Banana Pro、Gemini、Gemini 3 Pro Image。

Security checks across malware telemetry and agentic risk

Overview

This image-generation skill is mostly purpose-aligned, but it can send unrelated API keys and selected images/prompts to a third-party service with limited disclosure and URL validation.

Review before installing. Use a dedicated EchoFlow API key, avoid running it where OPENAI_API_KEY or GEMINI_API_KEY are set unless you intentionally want those credentials used with the configured endpoint, and do not submit sensitive prompts or private images unless you are comfortable with EchoFlow or the chosen API base processing them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (3)

Tainted flow: 'content' from httpx.post (line 234, network input) → httpx.get (network output)

Medium

Category: Data Flow
Content: # Check if content is a URL if not image_saved and content.startswith("http"): img_response = httpx.get(content, timeout=60) img_response.raise_for_status() image = PILImage.open(BytesIO(img_response.content)) image.save(str(output_path), 'PNG')
Confidence: 96% confidence
Finding: img_response = httpx.get(content, timeout=60)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The skill description includes very broad trigger phrases like 'generate images', 'create images', 'edit images', or 'combine images', which can cause over-invocation in normal conversations. That increases the chance of unintentionally sending user prompts or files to a third-party API without sufficiently explicit user intent or confirmation.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill clearly instructs users to send prompts and possibly local input images to EchoFlow, but it does not provide an explicit warning that this data leaves the local environment and is transmitted to an external service. This creates a real privacy and data-handling risk, especially for sensitive images, proprietary artwork, or confidential prompts.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal