Back to skill

Security audit

p-video-replace

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Pruna video-replacement helper that uses a third-party API, so it is acceptable but users should treat uploaded media and API usage as sensitive.

Install only if you are comfortable sending selected videos and reference images to Pruna for processing. Confirm you have rights and consent for any faces, clothing, products, or commercial footage, keep PRUNA_API_KEY in environment variables, and approve batch size before running parallel jobs because usage may incur cost.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (13)

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The document explicitly instructs the parent agent to pass a PRUNA_API_KEY note to subagents, which expands credential exposure beyond the minimum necessary scope. In an agentic environment, subagents may have broader logging, prompt-injection, or output leakage risks, so propagating a reusable API credential materially increases the blast radius if any lane is compromised.

Missing User Warnings

Medium
Confidence
72% confidence
Finding
The parallel execution guidance encourages launching multiple predictions and subsequent downloads in batch, but it does not pair that with a strong warning that these actions can trigger paid API usage at scale. In an autonomous agent context, omission of a cost-consent checkpoint can lead to unexpected spend and user harm, especially when fan-out across scenes is the default.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The subagent instructions combine credential propagation with no explicit privacy or secret-handling safeguards. In practice, this can cause API keys or sensitive project details to be exposed in subagent prompts, traces, artifacts, or merged manifests, which is especially risky in multi-agent systems where context boundaries are weak.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The document instructs agents to upload local files and download results using an authenticated header, but it does not require any user confirmation, data-handling warning, or minimization guidance before transmitting potentially sensitive local content to a third-party API. In an agent skill context, that omission can cause unintended exfiltration of user files, media, or embedded metadata during normal operation.

External Transmission

Medium
Category
Data Exfiltration
Content
-H "apikey: ${PRUNA_API_KEY}" \
  -F "content=@/path/to/source-video.mp4"

curl -X POST "https://api.pruna.ai/v1/files" \
  -H "apikey: ${PRUNA_API_KEY}" \
  -F "content=@/path/to/reference-person-a.png"
Confidence
91% confidence
Finding
https://api.pruna.ai/

External Transmission

Medium
Category
Data Exfiltration
Content
-H 'Model: p-video-replace' \
  -d '{
    "input": {
      "video": "https://api.pruna.ai/v1/files/source-video-abc123",
      "images": [
        "https://api.pruna.ai/v1/files/reference-person-a-def456",
        "https://api.pruna.ai/v1/files/reference-person-b-ghi789"
Confidence
93% confidence
Finding
https://api.pruna.ai/

External Transmission

Medium
Category
Data Exfiltration
Content
"input": {
      "video": "https://api.pruna.ai/v1/files/source-video-abc123",
      "images": [
        "https://api.pruna.ai/v1/files/reference-person-a-def456",
        "https://api.pruna.ai/v1/files/reference-person-b-ghi789"
      ],
      "resolution": "720p",
Confidence
93% confidence
Finding
https://api.pruna.ai/

External Transmission

Medium
Category
Data Exfiltration
Content
"video": "https://api.pruna.ai/v1/files/source-video-abc123",
      "images": [
        "https://api.pruna.ai/v1/files/reference-person-a-def456",
        "https://api.pruna.ai/v1/files/reference-person-b-ghi789"
      ],
      "resolution": "720p",
      "target_fps": "original",
Confidence
93% confidence
Finding
https://api.pruna.ai/

External Transmission

Medium
Category
Data Exfiltration
Content
-H 'Try-Sync: true' \
  -d '{
    "input": {
      "video": "https://api.pruna.ai/v1/files/source-video-abc123",
      "images": [
        "https://api.pruna.ai/v1/files/reference-image-def456"
      ]
Confidence
90% confidence
Finding
https://api.pruna.ai/

External Transmission

Medium
Category
Data Exfiltration
Content
"input": {
      "video": "https://api.pruna.ai/v1/files/source-video-abc123",
      "images": [
        "https://api.pruna.ai/v1/files/reference-image-def456"
      ]
    }
  }'
Confidence
90% confidence
Finding
https://api.pruna.ai/

External Transmission

Medium
Category
Data Exfiltration
Content
## Base URL

- Predictions: `https://api.pruna.ai/v1/predictions`
- File upload: `https://api.pruna.ai/v1/files` (multipart form field `content=@file`)
- Status: `https://api.pruna.ai/v1/predictions/status/{id}`
- Delivery: use `generation_url` from a succeeded status (may be relative; prefix with `https://api.pruna.ai` if needed)
Confidence
88% confidence
Finding
https://api.pruna.ai/

External Transmission

Medium
Category
Data Exfiltration
Content
## Base URL

- Predictions: `https://api.pruna.ai/v1/predictions`
- File upload: `https://api.pruna.ai/v1/files` (multipart form field `content=@file`)
- Status: `https://api.pruna.ai/v1/predictions/status/{id}`
- Delivery: use `generation_url` from a succeeded status (may be relative; prefix with `https://api.pruna.ai` if needed)
Confidence
95% confidence
Finding
https://api.pruna.ai/

External Transmission

Medium
Category
Data Exfiltration
Content
## File uploads

1. `POST /v1/files` with `-F "content=@/path/to/file.jpg"` and `apikey` header.
2. Use `urls.get` from the response (or construct `https://api.pruna.ai/v1/files/{id}`) as the **`image`**, **`last_frame_image`**, **`images[]`**, **`person_image`**, **`garment_images[]`**, **`audio`**, etc. value in `input`.

Uploaded files expire (see upload response `expires_at`).
Confidence
96% confidence
Finding
https://api.pruna.ai/

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.