Media.io Wan Video Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Media.io video-generation helper, but it will send prompts, image URLs, and an API key to Media.io when used.

Install only if you intend to let an agent call Media.io with your Media.io API key. Avoid using private/internal image URLs or sensitive prompts unless you are comfortable sending them to Media.io, and monitor credit usage.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 78% confidence
Finding: The image-to-video endpoints accept externally hosted image URLs but do not warn users that referenced media and related request metadata will be fetched and processed by a remote third-party service. In an agent skill context, this increases the chance that users unintentionally transmit private or internal image URLs to an external provider, creating privacy and data-handling risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal