Security audit

Vibe Creating Prompt

Security checks across malware telemetry and agentic risk

Overview

This is a text-only prompt-rewriting skill whose instructions are coherent with its stated video-prompt purpose and do not show hidden execution, data access, or exfiltration behavior.

Before installing, understand that this skill will shape how the agent rewrites creative video prompts and may remove or translate technical camera parameters unless you explicitly ask to keep them. It does not appear to access files, credentials, accounts, or run code.

SkillSpector

By NVIDIA

Vulnerability Patterns

System Prompt LeakageDirect Leakage, Indirect Extraction, Tool-Based Exfiltration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Direct Prompt Extraction

High

Category: System Prompt Leakage
Content: - **Multi-shot experience** — for multi-segment, multi-scene, multi-cut input that serves one shared experience. Break by natural segments (or by number only if the user asked). 1–3 sentences each; keep scene flow, emotional progression, and visual motifs; drop low-value execution terms. - **Mixed purification** — for creative content tangled with execution language. Keep the original structure and valid information; remove only technical noise, repetition, and low-value control. Don't over-rewrite or invent new beats. ## Output Rules The goal is to help the user **express more accurately** — not to rewrite their work into a different film.
Confidence: 85% confidence
Finding: Output Rules

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal