Security audit

Video Subtitle Generator

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims: create subtitles locally and optionally send subtitle text to a chosen LLM provider for translation.

Install in a virtual environment, consider pinning dependencies before serious use, and avoid translation for sensitive videos unless you are comfortable sending the subtitle text to the configured LLM provider and paying token costs. Confirm the API key, base URL, and target language before running translation or the full pipeline.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill documents and encourages use of environment variables, local file read/write, and shell commands, but does not declare corresponding permissions. This creates a transparency and policy gap: an agent or user may invoke a capability-bearing skill without clear upfront disclosure of what resources it can access or modify.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README mentions that translation uses a remote LLM API and that network access/token charges apply, but it does not clearly and prominently warn that subtitle text content is transmitted off-device to a third-party service. Because subtitles may contain sensitive spoken content from private or internal videos, users may unknowingly exfiltrate confidential data during translation.

Natural-Language Policy Violations

Medium
Confidence
84% confidence
Finding
The documentation defines a default target language (`zh`) and shows translation commands that proceed with that default, which can cause remote API usage and processing of subtitle content without explicit user selection of the output language. In context, this is more concerning because translation incurs external network transfer and token costs, so defaulting behavior can lead to unintended data disclosure and billing.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script sends subtitle contents to a third-party LLM endpoint for translation, but there is no meaningful disclosure, consent flow, or safety warning to the user beyond generic CLI options. Subtitle files can contain sensitive spoken content, so this creates a real confidentiality/privacy risk when users may assume processing is local.

Ssd 1

Medium
Confidence
88% confidence
Finding
Untrusted subtitle text is interpolated directly into a natural-language prompt, so crafted subtitle content can act as prompt injection and steer the model away from pure translation. In this script the effect is bounded because the output is written to subtitle files rather than used as code or tool input, but it can still corrupt translations, insert attacker-chosen content, or cause leakage of adjacent batch content through model behavior.

Ssd 1

Medium
Confidence
93% confidence
Finding
The batch prompt concatenates multiple attacker-controlled subtitle lines into one shared prompt context, which increases prompt injection risk and cross-item interference. A malicious subtitle line can instruct the model to ignore formatting, modify other translations, or summarize/reveal neighboring lines, causing integrity issues and potential exposure of other subtitle content within the same batch.

VirusTotal

66/66 vendors flagged this skill as clean.