Youtube Channel Launch Coach

Security checks across malware telemetry and agentic risk

Overview

This is a text-only YouTube coaching skill that gives creator-growth advice and does not install code, access accounts, or take actions on the user's behalf.

Install this as an advisory coaching skill. Be aware it may activate for broad video critique, title, or thumbnail requests; treat monetization, gear, and third-party service suggestions as advice, not authorization to spend money or share YouTube account credentials.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The skill description and trigger list include very broad phrases such as 'video title', 'video thumbnail', and 'youtube algorithm', which can match many ordinary creator-support requests outside the intended scope. This can cause the skill to be invoked unintentionally, leading to context hijacking, poor routing, or disclosure of user context to a skill that was not the best match.

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The basic invocation examples are generic enough that they may overlap with many unrelated assistant tasks, especially requests like 'Critique my last video' or 'Plan my first 30 videos' without requiring YouTube-specific context. In a skill-routing system, this increases the chance of accidental activation and misapplication of specialized guidance where a more appropriate general or domain-specific skill should respond.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal