Back to skill

Security audit

PDF to Video

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Revid PDF-to-video helper, but users should only use PDFs they are willing to make reachable by Revid.

Install only if you are comfortable sending the PDF URL and document contents to Revid and, for local PDFs, making the file reachable through public or shared storage. Do not use confidential, regulated, proprietary, or personal PDFs unless you deliberately approve that exposure and understand the storage and retention risks; prefer time-limited signed URLs and a scoped Revid API key where available.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill instructs agents to upload local PDFs to public storage so a third-party service can fetch them, but it does not warn about confidentiality, access control, retention, or whether the document contains sensitive data. This can lead to unintended public exposure of proprietary, personal, or regulated documents, especially because users may assume local files remain private during processing.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.