Security audit

Product Launch Video

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be built for making product-launch videos, but it includes a setup step that can update the user's global skill set without a clearly scoped approval step.

Review the setup step before installing or running the skill, paying particular attention to the global skill-update behavior. Use it only in a project where network capture, HeyGen/media credentials, CDN loading, and mutation of generated files are acceptable, and check the multilingual output if preserving the original (non-Latin) script matters.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding: The script modifies frame HTML files in place during its 'auto-repair' path, so running the assembly step can silently alter prior build artifacts rather than only producing a new index.html. In a pipeline that processes untrusted or shared project content, this can corrupt source outputs, mask upstream defects, and create surprising side effects that make later review or reproduction difficult.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: The generated captions HTML loads GSAP from a third-party CDN at runtime via a remote <script src>, creating a supply-chain and availability dependency outside the project boundary. Even with a Subresource Integrity attribute, rendering can still fail or behave unexpectedly if the network is unavailable, the CDN is blocked, or the URL/version is changed in a future revision; in a production video-generation skill this can break rendering or expose users to third-party dependency risk.

Natural-Language Policy Violations

Severity: Medium
Confidence: 94%
Finding: The instructions explicitly tell the agent to romanize or transliterate non-Latin visible text when a shipped font is unavailable, without requiring user approval or preserving the original script. In a product-launch video skill, this can alter brand names, copy, or meaning for multilingual content, causing misrepresentation, exclusion of target audiences, and potentially unsafe silent degradation of user-provided content.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Severity: Critical
Code: suspicious.dangerous_exec
Location: scripts/audio.mjs:85