Create Edu Video

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed educational-video creation workflow with ordinary project setup, media generation, and rendering steps, but users should be aware it may use external search and TTS services.

Install only if you want an agent to create local Remotion video projects, generate files, run media/rendering commands, and use external search/TTS services. Avoid giving proprietary lesson plans, private student data, or confidential scripts unless you are comfortable with those topics or text being sent to third-party services.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 76% confidence
Finding: The trigger conditions are very broad and may cause the skill to activate for many generic requests about videos, explanations, or educational content. Over-broad activation can lead to unexpected execution of shell-based and file-writing steps in contexts where the user did not intend to invoke this higher-risk workflow.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill directs the agent to perform network-based searches for course design practices and media resources without an explicit user-facing notice that prompts may be sent to external services. This can expose sensitive project topics, proprietary lesson plans, or personal data to third-party providers without informed consent.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal