Ai Subtitle Generator Free

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed cloud subtitle/video-rendering integration, but users should know it sends chosen media and prompts to NemoVideo and has broad routing for editing messages.

Install this only if you are comfortable sending the videos, URLs, prompts, and editing instructions you provide to NemoVideo's cloud service. Use a dedicated or anonymous token where possible, avoid sensitive media unless third-party processing is acceptable, and be aware that vague editing messages may be sent to the backend once the skill is active.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The getting-started prompt encourages activation from very generic language such as 'tell me what you're thinking,' which can cause the skill to engage on unrelated user input. Overly broad invocation increases the chance of unintended API calls, accidental token/session creation, and unexpected processing of user-provided files or instructions.

Vague Triggers

Medium

Confidence: 95% confidence
Finding: A catch-all routing rule that sends 'everything else' to the SSE editing backend makes the skill trigger on ambiguous or unrelated language. This can cause unintended remote actions, broaden prompt-injection exposure through backend interpretation, and make user intent validation too weak for a networked media-processing skill.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal