Podcast Production Workflow

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only podcast workflow skill, with no code execution or credential handling found.

Safe to install as a podcast planning and content workflow aid. Be aware it may activate for a wide range of podcast-related prompts, and keep actual uploads, account logins, platform posting, and credential entry under your direct control.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium
Confidence: 95%
Finding
The manifest says to use the skill whenever the user asks about a wide range of podcast topics and then expands this to "any variation of audio/video podcast creation and distribution." That scope is very broad, lacks exclusion conditions, and can collide with ordinary discussion about podcasts rather than a clear request for this specific workflow.

Vague Triggers

Low
Confidence: 81%
Finding
Phrases like "User wants to define their podcast direction" and similar trigger statements throughout the document are descriptive but not operationally specific. The file does not explain how to distinguish overlapping cases, such as planning versus growth versus distribution, which can lead to inconsistent invocation paths.

VirusTotal

64/64 vendors flagged this skill as clean.
