video-transcript-extractor

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only transcript helper whose external video and speech-processing behavior matches its stated purpose, with privacy caveats for sensitive media.

Use this skill only for videos you are comfortable processing through external video, transcription, or AI services. Avoid private, confidential, regulated, or copyrighted media unless you have permission and understand that URLs, subtitles, audio, metadata, and transcripts may be handled by third parties. Verify important quotes and timestamps because ASR and AI correction can introduce errors.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill explicitly describes sending user-provided video links and media-derived content to external platform APIs and ASR services, but it does not disclose what data is transmitted, retained, or shared with third parties. Because transcripts may contain personal, sensitive, or copyrighted content, this omission can lead users to unknowingly expose private data to external processors.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal