Back to skill

Security audit

Video Script Generator

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Chinese short-video script writing skill with no code, installs, credentials, or hidden system access.

Safe to install from a security perspective. Before publishing generated scripts, review them for factual accuracy, attribution needs, copyright risk, and whether Chinese Douyin/Toutiao-style output fits your intended audience.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger phrases are very broad and can match ordinary requests for generic writing assistance, causing the skill to activate outside its intended niche. Over-broad activation can steer users into a specific workflow, source selection, and style pattern without clear user intent, which is a genuine scope-control issue even if it is not overtly malicious.

Natural-Language Policy Violations

Medium
Confidence
82% confidence
Finding
The skill metadata and content assume Chinese-language operation without giving users a language choice or documenting that the skill is intended only for a Chinese-speaking audience. This can cause unintended language switching, reduced usability, and incorrect outputs for users interacting in other languages; in agent settings, forced locale behavior is a real safety and reliability issue, though not a severe security flaw here.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.