gemini-count-in-video

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Gemini video analysis skill with disclosed, purpose-aligned cloud uploads, but users should treat surveillance footage and API keys carefully.

Install only if you are comfortable sending selected videos to Google Gemini for processing. Confirm you have authorization to upload surveillance footage, avoid regulated or confidential video unless approved, use a dedicated folder for batch jobs, keep GEMINI_API_KEY in an environment variable or secrets manager, and monitor API usage and costs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill explicitly targets surveillance footage and demonstrates uploading videos to the Google Gemini API, but it does not warn users that potentially sensitive footage containing people, vehicles, locations, and timestamps will be transmitted to a third-party service. In this context, the omission is security/privacy-relevant because users may unknowingly exfiltrate regulated or confidential video data outside their environment.

VirusTotal

67/67 vendors flagged this skill as clean.
