Film Pipeline

Security checks across malware telemetry and agentic risk

Overview

This is a Chinese film-creation workflow skill that routes creative requests between prompt-writing sub-skills and does not include executable code or sensitive access.

Before installing, users should know this skill may activate for broad film or character-design phrases and may pass the creative context into named sub-skills if those are available. It is best suited for Chinese-language film prompt workflows; non-Chinese users may need to explicitly request their preferred language.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 92%
Finding
The trigger phrases are broad and overlap with many normal creative requests such as '做分镜', '设计角色', or '电影级prompt', which can cause the orchestrator skill to activate when the user did not explicitly request this pipeline. In an agentic system, unintended activation can route user content into multiple downstream skills and expand data exposure, tool use, and prompt-surface area beyond what the user expected.

Natural-Language Policy Violations

Medium
Confidence: 88%
Finding
The skill metadata and content are written to operate in Chinese without any instruction to preserve the user's language or ask for a preference first. This can degrade usability, cause misunderstanding of generated outputs, and create unsafe handoff behavior if downstream skills inherit a language mode the user did not request.

VirusTotal

64/64 vendors flagged this skill as clean.
