Back to skill

Security audit

Photo Cinematic Editor

Security checks across malware telemetry and agentic risk

Overview

This is a local photo-editing skill whose scripts process user-specified image files and do not show credential access, network exfiltration, persistence, or destructive behavior.

Install dependencies in a virtual environment when possible, avoid --break-system-packages unless you understand the impact, and run the scripts with explicit input and output paths so you control which image is read and where results are written.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill advertises very broad trigger phrases for generic photo-editing requests without clear boundaries on when it should or should not activate. This can cause over-triggering, routing unrelated image or language requests into this skill unexpectedly, which increases the chance of unsafe tool use, wrong handling of user intent, or interference with more appropriate skills.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.