Cake Decor Video

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed WeryAI cake-video generator that uses a required API key and paid network calls for its stated purpose.

Install only if you trust the publisher enough to provide a WeryAI API key. Leave WERYAI_BASE_URL and WERYAI_MODELS_BASE_URL unset unless you intentionally use trusted alternate endpoints, and review the confirmation table because successful runs consume paid credits.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The implicit trigger uses a broad natural-language request in Chinese that describes cake-decorating content without any explicit skill invocation boundary. This can cause over-triggering, where the agent invokes the skill for loosely related prompts, reducing routing precision and potentially causing unintended tool use in normal conversation.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal