Back to skill

Security audit

CinePrompt

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-aligned for prompt sharing and generation, but it under-discloses sensitive uploads and includes a privileged database-write path users should review before installing.

Install only if you are comfortable sending prompt text, state JSON, media references, and provider-generation data to CinePrompt and third-party providers. Avoid confidential or regulated content, use scoped/limited API keys, and do not expose Supabase service-role credentials in the environment unless you have verified this is an internal-only workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Low
Confidence
91% confidence
Finding
The skill instructs users to authenticate the CLI with an API key but does not warn that the key will be stored locally or used for subsequent requests. This is a real security/privacy transparency issue because users may paste a sensitive credential into the tool without understanding persistence, exposure risks in shell history, or where the key is sent.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill says the agent constructs state JSON and the CLI creates a share link on cineprompt.io, but it does not disclose that the prompt/state data is transmitted to an external service. Because the state can include rich free-form text and potentially sensitive creative, personal, or confidential project details, this omission can cause unintended data disclosure off-system.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The BYOK generation section encourages use of third-party model/provider keys and external generation services but does not warn that users will submit credentials and generation data to outside providers such as Fal.ai and Venice.ai. This is dangerous because prompts, media, references, and account-linked keys may be exposed to third-party handling, logging, or retention practices that differ from user expectations.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script transmits prompt text and full state data to a remote Supabase endpoint as part of normal execution, but there is no runtime notice, confirmation, or redaction step before potentially sensitive user content is sent off-host. In a CLI skill context, users may pipe private prompts or structured state into the tool and unintentionally disclose confidential data to an external service.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The direct insert path sends prompt and state data to the backend using a high-privilege service key, which bypasses the safer public RPC flow and performs privileged writes without any explicit user-facing warning. In an agent/skill setting, this is more dangerous because environment-provided service credentials could be picked up automatically, causing sensitive data exfiltration or unauthorized database writes under owner-level privileges.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/create-share-link.js:38