Security audit

YouTube 脚本生成

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent prompt-only helper for generating FridayParts repair-video scripts, with no evidence of hidden execution, data access, persistence, or exfiltration.

Install this as a prompt-only writing aid, but expect it to steer outputs toward FridayParts heavy-equipment repair content. If you use it for generic YouTube scripts, narrow the triggers or confirm the repair-video context first, and continue human technical review before publishing repair or safety guidance.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (3)

Vague Triggers

Medium

Confidence: 85% confidence
Finding: The trigger phrases are broad enough to match ordinary requests for generic video or script writing, which can cause the skill to activate outside its intended FridayParts repair-video use case. That increases the risk of prompt hijacking, unintended brand-constrained responses, or inappropriate application of domain-specific instructions to unrelated user tasks.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger phrases are broad enough to match many generic requests about video scripting, which can cause the skill to activate outside its intended FridayParts heavy-equipment repair context. That increases the chance of inappropriate prompt injection into unrelated workflows, user confusion, and lower-quality or mis-scoped outputs, though it is not directly enabling code execution or data exfiltration.

Vague Triggers

Medium

Confidence: 85% confidence
Finding: The 'Use when' clause is overly broad and lacks exclusion boundaries, so the skill may be selected for requests that are about general YouTube content rather than machinery repair education. This is a prompt-routing weakness: the wrong specialized instructions could be applied to unrelated user tasks, leading to confusing outputs and possible policy or brand-context leakage into inappropriate contexts.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.