gemini video analyze

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Gemini video-url analyzer with expected third-party API use and no hidden persistence or destructive behavior found.

Install this only if you are comfortable sending the video URL and your analysis prompt to Google Gemini under your API account. Use public URLs, avoid secrets or confidential material in prompts or signed URLs, prefer environment variables over the --api-key command-line option, and install google-genai from a trusted source.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill description and instructions omit a clear warning that the provided video URL and user prompt are transmitted to Google's Gemini service. That omission can cause users to unknowingly send sensitive prompts, proprietary links, or regulated content to a third-party provider, creating privacy, compliance, and data-handling risks.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal