Back to skill

Security audit

Edu Video Generator

Security checks across malware telemetry and agentic risk

Overview

This video-generation skill largely matches its purpose, but it should be reviewed because its examples encourage unsafe code execution from project content and weaken browser/process safety controls.

Install only as a trusted local development helper. Before using its patterns, replace the new Function resolver with a strict parser, avoid rendering untrusted content with disabled Chromium web security, sanitize MathJax/SVG output before injecting it, pin or review npm dependencies, and verify process IDs before running pkill or kill -9.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The sample resolver builds executable JavaScript from content-derived strings using new Function, which enables code execution if an attacker can influence content.json or any variable expressions. In this skill context, the documentation explicitly encourages data-driven rendering, so users are likely to adopt this pattern and treat content as configuration, making injection risk more realistic and dangerous.

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The documentation presents the resolver as a 'safe implementation' while using new Function, which can mislead downstream users into adopting an unsafe code-execution primitive without additional safeguards. This contradiction increases the likelihood of insecure copy-paste reuse and lowers operator suspicion, amplifying the practical exploitability of the pattern.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The renderer launches Chromium with `disableWebSecurity: true`, which disables key browser isolation controls such as same-origin protections. In a video-generation pipeline that may render React content, remote assets, or untrusted composition code, this can allow unintended cross-origin access and broaden the blast radius of any malicious or compromised content loaded during rendering.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The troubleshooting guidance includes `pkill -f chrome-headless`, which can terminate all matching processes on the host without prompting or scope limitation. In an agent skill context, users may copy commands verbatim, so this can cause unintended disruption to unrelated browser automation, rendering jobs, or other sessions running under the same account.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The troubleshooting guidance recommends killing processes, including a forceful `kill -9`, without advising users to verify process ownership, confirm the specific target, or consider impact on unrelated workloads. In shared development environments or multi-user systems, this can terminate unrelated services, cause data loss, and disrupt active sessions; the risk is elevated because the file presents the commands as routine remediation steps.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.