Security audit

Prompt to Video

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Revid video-generation helper that uses a Revid API key and sends the user’s prompt to Revid for processing.

Install only if you are comfortable sharing video prompts, style notes, and render settings with Revid. Do not include secrets, regulated data, private customer information, or confidential brand plans unless that external sharing is approved.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill instructs sending the user's prompt and related creative inputs to Revid's external API but does not clearly warn the user that their data will leave the local system for third-party processing. This can cause inadvertent disclosure of sensitive or proprietary ideas, brand plans, or personal information if users assume the processing is local or agent-internal.

Natural-Language Policy Violations

Medium
Confidence: 84%
Finding
Hard-coding the voice language to 'en-US' without user choice or documentation can cause incorrect language generation, accent mismatch, or exclusion of non-English users. While not typically a direct security flaw, it can create integrity and product-trust issues, especially if the user's input language or audience differs from the forced locale.

VirusTotal

61/61 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.