Dataify Youtube Product By Id

Security checks across malware telemetry and agentic risk

Overview

This skill is a clearly scoped Dataify helper that submits YouTube video-info collection jobs, with disclosed token use and no evidence of hidden persistence or data theft.

Install only if you intend to let the agent create Dataify Builder tasks for YouTube video IDs. Review the parameters before each submission, be aware that a saved DATAIFY_API_TOKEN may be used automatically, and avoid storing the token persistently unless you are comfortable with that account access on this machine.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The skill enables implicit invocation while describing broad natural-language use cases, which can cause the agent to trigger this external-task submission capability in ambiguous contexts. Because the action submits requests to a third-party service and may use configured API credentials, unintended activation can lead to unauthorized task creation, data disclosure to Dataify, or unwanted external side effects.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal