Back to skill

Security audit

Ai Video Script 1.0.0

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only AI video script helper with broad activation wording but no code, credential access, network use, or persistence.

Install if you want help drafting AI video scripts, shot lists, prompts, and voiceover copy. Expect it may trigger on generic video-planning requests, and verify the publisher/package identity if the metadata mismatch matters to you.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrases are overly broad and include common terms like '视频脚本', '分镜', and 'AI视频', which can cause the skill to activate for many unrelated requests in normal video-creation workflows. This increases the chance of unintended invocation, response hijacking, or routing users into this skill when they did not explicitly request it.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.