Trust Assessment
nvidia-image-gen received a trust score of 43/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 1 critical, 3 high, 1 medium, and 0 low severity. Key findings include "Suspicious import: requests", "Potential data exfiltration: file read + network send", and "Hardcoded API Key".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Details and remediation | Layer | Location |
|---|---|---|---|---|
| CRITICAL | Arbitrary File Read leading to Data Exfiltration | The `encode_image_to_base64` function, which is called with the user-controlled `input_image` path, directly opens and reads the specified file. An attacker could provide a path to sensitive system files (e.g., `/etc/passwd`, `~/.ssh/id_rsa`, `/proc/self/environ`) if the agent has sufficient permissions. The content of these files would then be base64 encoded and sent to the NVIDIA API endpoint, effectively exfiltrating data. Implement strict validation and sanitization for `input_image` paths. Restrict file access to a designated, sandboxed directory (e.g., a temporary directory or a user-specific upload directory). Do not allow arbitrary paths. Consider using an allowlist of file extensions or magic bytes to ensure only actual image files are processed. | LLM | scripts/generate.py:33 |
| HIGH | Potential data exfiltration: file read + network send | Function `generate_image` reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/ty-teo/nvidia-image-gen/scripts/generate.py:176 |
| HIGH | Hardcoded API Key | The `NVIDIA_API_KEY` is hardcoded directly in the `scripts/generate.py` file. While it can be overridden by an environment variable, the presence of a default hardcoded key poses a significant security risk. If this key is compromised, it could be used by unauthorized parties, leading to abuse of the NVIDIA API. Remove the hardcoded default API key. Require the user to provide it via an environment variable (`NVIDIA_API_KEY`) or a secure configuration mechanism. If a default is absolutely necessary for local development, ensure it is a non-sensitive, rate-limited key and is clearly documented as for development only. | LLM | scripts/generate.py:11 |
| HIGH | Arbitrary File Write | The `output_path` parameter, which is user-controlled, is directly used to write the generated image to the filesystem. An attacker could specify paths outside the intended output directory (e.g., `../../../../etc/malicious_file.png`) to overwrite or create files in arbitrary locations on the system. This could lead to denial of service (by overwriting critical system files or filling disk space) or facilitate further attacks. Implement strict validation and sanitization for `output_path`. Restrict file writing to a designated, sandboxed output directory. Do not allow path traversal characters (e.g., `..`, `/`) in the user-provided path component. Ensure that the final resolved path is always within the allowed output directory. | LLM | scripts/generate.py:140 |
| MEDIUM | Suspicious import: requests | Import of `requests` detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/ty-teo/nvidia-image-gen/scripts/generate.py:7 |
Full report: https://skillshield.io/report/4382f18d1e2d0869