Grant Writer

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only grant-writing skill whose behavior matches its stated purpose, with a normal privacy caution for sensitive grant materials.

Before installing, remember that strong grant drafts may require proprietary project plans, budgets, partner details, unpublished research, or staffing information. Share only data your organization is allowed to provide to the agent/model provider, verify citations and eligibility claims before submission, and treat the AfrexAI links as optional external resources rather than required setup.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The README explicitly says the agent will 'handle the rest — research, structure, drafting, and self-review' for grant applications, but provides no warning that users may submit sensitive organizational, financial, staffing, or proposal data to an external AI system. In a grant-writing context, this can expose confidential business plans, budgets, partnership details, or unpublished research information if users assume local-only or safe handling.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal