Image To Video Google

Security checks across malware telemetry and agentic risk

Overview

This skill is a cloud video-generation helper, and its third-party upload behavior is expected for that purpose but should be used carefully with private media.

Install only if you are comfortable sending prompts and uploaded images or other media to NemoVideo's cloud service for rendering. Avoid sensitive personal, business, or confidential media unless you have reviewed the provider's privacy and retention terms, and invoke the skill explicitly for video-generation tasks.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill instructs the agent to upload user images and prompts to a third-party backend, but it does not clearly disclose this to the user before data transfer. That creates a privacy and consent risk, especially because images may contain sensitive personal or business information and the service performs remote processing.

VirusTotal

50/50 vendors flagged this skill as clean.

View on VirusTotal