Back to skill

Security audit

captions

Security checks across malware telemetry and agentic risk

Overview

This captions skill appears functional, but its setup guidance gives the agent too much control over account creation and long-term API key handling.

Review before installing. Use this skill only if you are comfortable sending YouTube video IDs or URLs to TranscriptAPI and giving the agent access to a TranscriptAPI key. Prefer creating the account yourself, entering the API key through a trusted secret manager, and avoiding persistent shell/profile storage unless you know where the key is saved and how to remove it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The skill instructs the agent to create a third-party TranscriptAPI account on the user's behalf, including handling email-based OTP verification. That exceeds the stated purpose of a captions-fetching skill and expands the agent's authority into account creation and identity-bound authentication workflows, increasing the chance of unauthorized account actions, mishandling of credentials, and privacy issues.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The document directs the agent to determine how to persistently store `TRANSCRIPT_API_KEY` so it survives across sessions and shells. Persistent secret storage is a privileged capability unrelated to simply retrieving captions, and it creates unnecessary long-term exposure if the agent environment, config files, or future sessions are compromised or accessed by other tools.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The activation text is unusually broad: it triggers not only on explicit caption requests, but also on general cases like pasted video links, content review, translation, and language learning. That increases the chance the agent invokes this skill for ordinary video-related prompts and sends user-supplied video identifiers to an external service when the user may not expect that delegation or data transfer.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill instructs the agent to transmit user-provided YouTube URLs or video IDs, along with an authorization header, to transcriptapi.com without any explicit privacy disclosure or consent step. While this is expected for the feature, it creates a real data-sharing risk because user-provided links may reveal viewing interests, sensitive research topics, or private/unlisted content, and the user is not clearly warned that a third party will receive that data.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly tells the agent to store an `sk_` API key persistently and verify it is available in future sessions, but it provides no user-facing warning about the risks of long-term credential storage or where the secret will be written. In a captions skill context, collecting and persisting a reusable third-party credential without transparent disclosure is unnecessary and increases the risk of credential leakage and unintended reuse.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.