Back to skill

Security audit

YouTube Title Generator

Security checks across malware telemetry and agentic risk

Overview

This skill gives an agent a straightforward workflow for generating YouTube titles, with URL fetching and saved output that fit the stated purpose.

Install if you are comfortable with the agent fetching URLs you provide and saving generated title ideas in the local youtube-title/ directory. Avoid giving it private-network, internal, credential-bearing, or sensitive URLs unless you trust the runtime's fetch protections and want that content analyzed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly accepts arbitrary user-provided URLs and instructs the agent to fetch them, but provides no warning, restriction, or validation. This can expose the agent environment to SSRF-style access, unintended requests to internal or sensitive endpoints, and disclosure of user-supplied URLs or related metadata to external services.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill instructs the agent to save generated output to a local file with a timestamped path, but does not disclose this persistence behavior to the user up front or provide consent controls. This creates a risk of unintended local data retention, leakage of sensitive user content into workspace files, and accumulation of artifacts that other tools or users may later access.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.