ZenMux Media Gen

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward ZenMux media-generation helper that uses a ZenMux API key to create and save generated images or videos, with no evidence of hidden or unrelated behavior.

Install only if you are comfortable giving the skill a ZenMux API key and sending prompts or reference image URLs to ZenMux. Use a dedicated key if possible, monitor billing or quota, avoid sensitive prompts or private signed URLs, and choose output paths carefully because generated files can be written locally.

SkillSpector

By NVIDIA

Vulnerability Patterns

Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Tainted flow: 'video_url' from requests.post (line 165, network input) → requests.get (network output)

Medium

Category: Data Flow
Content: video_url = status["output"]["url"] print(f"Downloading from: {video_url}") response = requests.get(video_url, timeout=300) response.raise_for_status() if out is None:
Confidence: 94% confidence
Finding: response = requests.get(video_url, timeout=300)

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal