video-marketing

Security checks across malware telemetry and agentic risk

Overview

This is a coherent video marketing writing aid with no executable code or hidden installation behavior.

Safe to install based on the provided artifacts. Before using it, check whether your project-context files contain sensitive strategy or audience details, because the skill may use those details when drafting video scripts or marketing recommendations.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The trigger conditions are broad and based on many common phrases like "video script," "YouTube script," and "video hook," which can cause the skill to activate in contexts where the user did not actually want this specific capability. Unintended invocation can steer the agent away from a better-matched skill, causing incorrect handling, prompt-scope confusion, or disclosure of irrelevant project context if the skill’s instructions are followed automatically.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal