Back to skill

Security audit

narrated-multi-scene

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Pruna video-generation workflow with expected API use and human approval gates, with automation bypass flags that should be used cautiously.

Before installing, understand that this skill can guide an agent to spend Pruna credits and upload selected images/audio to Pruna using your API key. Keep the approval-gate workflow enabled for normal interactive use, and reserve the documented skip flags only for trusted automation where cost and content review are handled elsewhere.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The file explicitly documents gate-skipping flags for automation (`--yes-skip-stills-gate`, `--yes-skip-clips-gate`) without strong procedural or technical constraints on when they may be used. In a workflow centered on expensive, approval-gated media generation, broadly exposing bypass mechanisms increases the chance that an agent or operator will skip required human review and trigger paid or unsafe generation steps prematurely.

VirusTotal

52/52 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.