Video Transcript Method

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent video-transcription workflow that downloads user-provided media or subtitles and writes transcript files, with no evidence of hidden persistence, credential access, exfiltration, or destructive behavior.

Install only if you are comfortable having the agent fetch user-provided video URLs, download audio or subtitles, and create transcript files locally. Use a deliberate output directory, consider copyright and privacy before processing third-party or sensitive videos, and avoid disabling SSL verification unless absolutely necessary.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill instructs downloading remote media/subtitles and saving transcript outputs locally, but it does not clearly warn that user-supplied URLs may trigger network transfers and file creation on disk. In practice, this can expose users to privacy, storage, and compliance risks, especially when processing sensitive or copyrighted content or when files are written to unexpected locations.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal