Back to skill

Security audit

instruction-web

Security checks across malware telemetry and agentic risk

Overview

This skill is a legitimate guide-publishing workflow, but it can steer an agent into publishing files to a hardcoded GitHub repository without a clear approval gate.

Install only if you intend to use a GitHub publishing workflow for generated HTML guides. Before using it, confirm the repository, branch, output path, generated content, and require an explicit final approval before any git commit or push.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger conditions are broad, mandatory, and based on common phrases like '操作说明' and '界面介绍', which are likely to appear in ordinary user requests. This can cause the skill to activate unexpectedly, steering the agent into repository-writing and publishing behavior without sufficiently specific user intent or confirmation.

Natural-Language Policy Violations

Medium
Confidence
87% confidence
Finding
The skill description is written to enforce Chinese-language behavior by default, without indicating adaptation to the user's requested language. While not directly enabling code execution or data exfiltration, it can override user expectations and increase the chance of incorrect or unsafe task handling when language mismatch affects confirmations, file contents, or publishing steps.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.