Back to skill

Security audit

Picasso TikTok

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed video-production workflow that uses several cloud media services, with the main caution being privacy around externally uploaded scripts, audio, and video.

Install only if you are comfortable sending scripts, media, generated voice audio, and transcripts to the named services. Use project-specific API keys with spending limits, avoid confidential or sensitive content unless the provider and uguu.se data-handling risks are acceptable, and consider replacing uguu.se with a private signed-URL storage service for sensitive work.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill declares a limited set of external dependencies, but the instructions also send data to undeclared services including Cartesia and uguu.se. Undeclared third-party dependencies are dangerous because they expand the data-sharing and trust boundary without operator awareness, undermining consent, review, and compliance controls.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill declares a limited set of external dependencies, but the instructions also send data to undeclared services including Cartesia and uguu.se. Undeclared third-party dependencies are dangerous because they expand the data-sharing and trust boundary without operator awareness, undermining consent, review, and compliance controls.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The workflow uploads generated audio to uguu.se, a public third-party file host, to obtain a URL for HeyGen. This exposes potentially sensitive voice content and script material to an unrelated public service, creating confidentiality, retention, and unauthorized access risks that are especially serious in a media-production pipeline handling user-supplied content.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill instructs operators to upload audio to a third-party host without a clear warning that user content will leave the primary vendors and may become publicly accessible or retained. Missing disclosure prevents informed consent and increases the chance that sensitive or proprietary audio is exposed unintentionally.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.