Back to skill

Security audit

Ai Video Script.Bak

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only video script helper with no code or system access; the only issues are broad trigger wording and a minor metadata mismatch.

This skill appears safe to install for drafting video scripts. Users should be aware it may activate on broad video-writing requests, and they may want to confirm the publisher/slug mismatch is expected before relying on provenance.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The skill advertises broad trigger terms such as “视频脚本”, “分镜”, “AI视频”, and “短视频文案”, which are common phrases likely to appear in many unrelated user requests. Without stricter activation boundaries, the skill may trigger unintentionally, causing overbroad invocation, prompt routing confusion, or unintended exposure of the skill in contexts where it was not requested.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.