Sense Audio

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only SenseAudio API guide; it may help create requests that send text or media to SenseAudio, but that behavior matches its stated purpose.

Reasonable to install as documentation for SenseAudio API work. Before using generated examples, keep the API key in an environment variable or secret manager, avoid logging tokens, and only upload prompts, audio, images, or video that you are allowed and comfortable to send to SenseAudio for processing and possible short-term retention.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The document instructs users to upload media and prompts to an external API using bearer-authenticated requests, but it does not warn that user files, prompts, and generated assets are transmitted to a third-party service. In an agent skill context, this omission can cause unintentional exfiltration of sensitive content because an operator may invoke these flows without realizing data leaves the local system or trusted boundary.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal